![]() |
COMMAND DESCRIPTION 16/190 82-CRA 119 1170/1-V1 Uen D | ![]() |
Copyright
© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademark List
SmartEdge | is a registered trademark of Telefonaktiebolaget LM Ericsson. | |
NetOp | is a trademark of Telefonaktiebolaget LM Ericsson. |
Commands starting with “s” through commands starting with “show a” are included.
sa-filter [in | out] acl-name
no sa-filter [in | out] acl-name
Specifies an access control list (ACL) to filter source active (SA) messages coming in to, or going out of, the peer.
MSDP peer configuration
in |
Optional. Filters incoming SA messages only. |
out |
Optional. Filters outgoing SA messages only. |
acl-name |
Name of the ACL used to filter SA messages. |
None
Use the sa-filter command to specify an ACL to filter SA messages coming in to, or going out of, the peer.
Use the no form of this command to remove the SA filter.
The following example filters incoming SA messages from a peer using the ACL, peer-sa-filter-in-group:
[local]Redback(config-ctx)#ip access-list peer-sa-filter-in-group [local]Redback(config-access-list)#seq 10 deny ip any 224.137.0.0 0.0.255.255 [local]Redback(config-access-list)#seq 20 deny ip any 224.134.1.0 0.0.0.255 [local]Redback(config-access-list)#seq 30 deny ip any host 224.131.1.1 [local]Redback(config-access-list)#seq 40 permit any any [local]Redback(config-ctx)#router msdp [local]Redback(config-msdp)#peer 10.200.1.2 local-tcp-source lo1 [local]Redback(config-msdp-peer)#sa-filter in peer-sa-filter-in-group
The following example filters outgoing SA messages to a peer using the ACL, peer-sa-filter-out-source-group:
[local]Redback(config-ctx)#ip access-list peer-sa-filter-out-source-group [local]Redback(config-access-list)#seq 10 deny ip 44.1.1.0 0.0.0.255 host 224.133.1.2 [local]Redback(config-access-list)#seq 20 deny ip 44.1.1.0 0.0.0.255 224.136.2.0 0.0.0.255 [local]Redback(config-access-list)#seq 30 permit ip any any [local]Redback(config-ctx)#router msdp [local]Redback(config-msdp)#peer 10.200.1.2 local-tcp-source lo1 [local]Redback(config-msdp-peer)#sa-filter out peer-sa-filter-out-source-group
sample-interval minutes
default sample-interval
Specifies the interval between the collection of bulkstats samples.
bulkstats configuration
minutes |
Interval, in minutes, between samples. The range of values is 1 to 1,440 minutes (24 hours); the default value is 15 minutes. |
The sampling interval is 15 minutes.
Use the sample-interval command to specify the interval between the collection of bulkstats samples. Setting the sampling interval so that sampling occurs too often can decrease the performance of the SmartEdge® router.
Use the default form of this command to return the sampling interval to 15 minutes.
The following example sets the sampling interval to 30 minutes:
[local]Redback(config)#context local [local]Redback(config-ctx)#bulkstats policy bulk [local]Redback(config-bulkstats)#sample-interval 30
sampling
no sampling
Use the sampling command to enable random sampling for flows using a specific IP profile.
flow IP profile configuration
This command has no keywords or arguments.
Sampling is disabled.
Use the sampling command to enable random sampling for flows using a specific IP profile.
Use the no version of this command to disable random sampling for flows using a specific IP profile.
The following example shows how to use the sampling command to enable random sampling for flows using the IP profile p1:
[local]Redback# configure [local]Redback(config)# flow ip profile p1 [local]Redback(config-flow-ip-profile)#sampling
save configuration [url] [-noconfirm]
Saves the running configuration to a file on a remote server or the local file system.
exec (10)
url |
Optional. URL of the file to which the configuration is saved; if not specified the configuration is saved to redback.cfg file. |
-noconfirm |
Optional. Replaces an existing file without prompting for confirmation. |
Commands are saved to the default configuration file.
Use the save configuration command to save the running configuration to a file on a remote server or the local file system.
Only those commands that modify the default configuration of the SmartEdge router are saved.
When saving the configuration to the local file system, the URL takes the following form:
[/device][/directory]/filename.ext
The value for the device argument can be flash, or if a mass-storage device is installed, md. If you do not specify the device argument, the default value is the device in the current working directory. If you do not specify the directory argument, the default value is the current directory. Directories can be nested. The value for the filename argument can be up to 256 characters in length.
The value for the filename argument can be up to 256 characters in length. If you do not specify the filename.ext argument, the configuration is saved to the redback.cfg file.
To ensure that the binary database file (/flash/redback.bin) is created correctly when saving to the redback.cfg file, enter this command without a filename, or specify redback.cfg as the filename without a device or directory. For information about these files, see Managing Configuration Files.
When saving the configuration to a remote server, you can use the File Transfer Protocol (FTP), Remote Copy Protocol (RCP), Secured Copy Protocol (SCP), Secured FTP (SFTP), or Trivial FTP (TFTP).
Table 1 describes the syntax for the url argument when saving the file to a remote server.
Server Protocol |
URL Format |
---|---|
FTP, SCP, or SFTP |
ftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext scp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext sftp://username[:passwd]@{ip-addr | hostname}[//directory]/filename.ext |
RCP |
rcp://username@{ip-addr | hostname}[//directory]/filename.ext |
TFTP |
ftp://{ip-addr | hostname}[//directory]/filename.ext |
You can specify the hostname argument only if Domain Name System (DNS) is enabled with the ip domain-lookup, ip domain-name, and ip name-servers commands (in context configuration mode); see the Command List.
If you attempt to overwrite an existing file on the local file system, the system prompts you for confirmation. Use the -noconfirm optional keyword to replace an existing file without providing confirmation to the system. In either case, the system saves a backup of the existing file with the .bak file extension. Only a single copy of the file is saved as a backup.
The following example saves the current active system configuration to a file, current.cfg, on the local file system. The user is prompted to overwrite an existing file:
[local]Redback#save configuration /flash/current.cfg Save to file: current.cfg Target file exists, overwrite? y
The following example shows that the existing current.cfg file has been saved as current.cfg.bak:
[local]Redback#directory /flash
Contents of /flash total 2590 -rw-r--r-- 1 root 10000 4564 Jan 23 2006 current.cfg -rw-r--r-- 1 root 10000 3654 Jan 23 2006 current.cfg.bak -rw-r--r-- 1 root 10000 1578 Jan 23 2006 redback.cfg
save log [text] filename [-noconfirm]
Saves one of the internal event log buffers to the flash file system.
exec (10)
text |
Optional. Event log is saved in plain text. Default form is in binary if this argument is not specified. |
filename |
Name of the file to which log entries are to be saved. Local filename is specified. If the full path is not specified, the default directory is /flash. |
-noconfirm |
Optional. Overwrites the specified filename if it already exits without user confirmation. |
None
Use the save log command to save one of the internal event log buffers to the flash file system for later examination.
To examine the debugging messages, use the logging debug command (in global configuration mode); to save the messages prior to examining them, use the save log command. You can use the logging filter command (in context configuration mode) to specify different levels of logging filters.
For more information about the logging debug and logging filter commands, see the Command List.
The following example saves a copy of the log to the file, log.sav, in the /flash directory:
[local]Redback>save log log.sav
save seos-core
Saves a previously written core dump of the operating system to the mass-storage device in the /md partition.
This command has no keywords or arguments.
None
Use the save seos-core command to save a core dump, which the operating system kernel has previously written to the swap partition on the mass-storage device, to the /md partition on the same device; the SmartEdge router must have a mass-storage device installed to use this command.
Either controller card can detect a problem and cause its kernel to dump an image of the running operating system on its mass-storage device. When you enter this command, you must be using a command-line interface (CLI) running on that same controller card to allow the command to access the core dump in the swap partition. For example, if the controller card that wrote the core dump has become the standby controller after reloading the operating system, you must connect to the local console for the standby controller card; if it was the active controller card, you can access the CLI from either the local console or the management port. Logging messages identify the controller card that wrote the core dump to the swap partition.
This command saves the core dump in two crash files. The filenames for these files, netbsd.0.core.gz and netbsd.0.gz, are fixed; however, you can rename the files after the save operation is complete. If you rename the files, we recommend that you add only the date to the filenames to ensure that “core” remains in the filename for the netbsd.0.core.gz file.
The following example saves a core dump of the operating system to two crash files in the /md partition on the mass-storage device of the active controller card and renames them to include the date of the core dump:
[local]Redback#save seos-core
dumplo = 89128960 (174080 * 512) savecore: number read 512 value of magic on disk is 76910538 savecore: newdumpmag: 4958fca savecore: dumpsize is 91003972 savecore: /md/bounds: No such file or directory savecore: writing compressed core to /md/netbsd.0.core.gz savecore: total output bytes(uncompressed):442499072 savecore: writing compressed kernel to /md/netbsd.0.gz
[local]Redback#rename /md/netbsd.0.core.gz /md/netbsd031002.0.core.gz [local]Redback#rename /md/netbsd.0.gz /md/netbsd031002.0.gz
schema sch-prof-name
no schema sch-prof-name
Applies a system-level bulkstats schema profile to gather system-wide statistics using this policy.
bulkstats configuration
sch-prof-name |
Name of the global schema profile. Alphanumeric string with up to 19 characters. |
None
Use the schema command to apply a system-level (global) bulkstats schema profile to gather system-wide statistics using this policy. You can apply multiple schema profiles using this command. Each schema can gather a different type and format of data. Each application of a schema profile is used to create a text record that is appended to the bulkstats collection file for this policy after every sample period.
Caution! | ||
Risk of system performance degradation. Although you can apply
multiple schema profiles, each gathering a different type and format
of data, it is advisable to minimize the number of schema profile
applications to reduce impact on system performance. To reduce the
risk, you can instead create one schema profile that records several
subsets of data. Separate each subset within the format string by
entering the \n character sequence, which creates a
new starting line in the output file. You can then apply this single
schema profile in place of multiple schema profiles.
|
Use the no form of this command to remove the specified schema profile.
The following example applies a previously configured schema profile sample for the bulk policy:
[local]Redback(config)#context local [local]Redback(config-ctx)#bulkstats policy bulk [local]Redback(config-bulkstats)#schema sample
schema-dump
no schema-dump
Enables writing the definitions of the configured bulkstats schema profiles to the beginning of the bulkstats data collection file.
bulkstats configuration
This command has no keywords or arguments.
No schema profile definition is saved in any bulkstats data collection file for any policy.
Use the schema-dump command to enable writing the definitions of the configured bulkstats schema profiles to the beginning of the bulkstats data collection file. When enabled, the definition of each configured schema profile is printed at the beginning of the bulkstats collection file.
Use the no form of this command to disable writing the definitions of schema profiles to the bulkstats data collection file.
The following example writes the definitions of the configured bulkstats schema profiles to the bulkstats data file:
[local]Redback(config)#context local [local]Redback(config-ctx)#bulkstats policy bulk [local]Redback(config-bulkstats)#schema-dump
scramble
{no | default} scramble
Enables X^43+1 synchronous payload envelope (SPE) scrambling on a Packet over SONET/SDH (POS) port, as specified in RFC 2615, PPP over SONET/SDH.
This command has no keywords or arguments.
SPE scrambling is enabled on the port.
Use the scramble command to enable X^43 +1 scrambling on a POS port, as specified in RFC 2615, PPP over SONET/SDH.
Use the no form of this command to disable SPE payload scrambling.
Use the default form of this command to enable SPE payload scrambling.
The following example shows how to disable SPE scrambling for port 1 on the POS traffic card in slot 11. It also results in the C2 value being set to the value of 0xCF:
[local]Redback(config)#port pos 11/1 [local]Redback(config-port)#no scramble
send {permit | deny}
no send {permit | deny}
Configures the setting in the IGMP snooping profile that controls the ability of the associated circuits to send multicast data.
permit |
Permits circuits to send multicast data. |
deny |
Denies the sending of multicast data by circuits. |
The sending of multicast data is permitted on all circuits.
Use the send command to configure the setting in the IGMP snooping profile that controls the ability of the associated circuits to send multicast data.
Use the no form of this command to return the IGMP snooping profile to the default setting in which the sending of multicast data is permitted on all circuits.
The following example shows how to deny the sending of multicast data by all circuits attached to an IGMP snooping profile called sanjose1:
[local]Router#configure [local]Router(config)#igmp snooping profile sanjose1 [local]Redback(config-igmp-snooping-profile)#send deny
The following example shows how to permit the sending of multicast data by all circuits attached to an IGMP snooping profile called sanjose1:
[local]Router#configure [local]Router(config)#igmp snooping profile sanjose1 [local]Redback(config-igmp-snooping-profile)#send permit
send community
no send community
Specifies that the community attribute is sent to the specified external Border Gateway Protocol (eBGP) neighbor or peer group.
This command has no keywords or arguments.
The community attribute is not sent to the eBGP neighbor or peer group. The community attribute is always sent to internal BGP (iBGP) peers.
Use the send community command to specify that the community attribute is sent to the specified eBGP neighbor or peer group.
Use the no form of this command to restore the default behavior of not sending the community attribute to eBGP neighbors.
The following example sends the community attribute to the eBGP neighbor at IP address 123.45.34.2:
[local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#neighbor 123.45.34.2 external [local]Redback(config-bgp-neighbor)#remote as-200 [local]Redback(config-bgp-neighbor)#send community
send ext-community
no send ext-community
Specifies that the extended community attribute is sent to the specified external Border Gateway Protocol (eBGP) neighbor or peer group.
This command has no keywords or arguments.
The extended community attribute is not sent to the eBGP neighbor or peer group. The extended community attribute is always sent to internal BGP (iBGP) peers.
Use the send ext-community command to specify that the extended community attribute is sent to the specified eBGP neighbor or peer group.
Use the no form of this command to restore the default behavior of not sending the extended community attribute to eBGP neighbors.
The following example sends the extended community attribute to the eBGP neighbor at IP address 123.45.34.2:
[local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#neighbor 123.45.34.2 external [local]Redback(config-bgp-neighbor)#remote as-200 [local]Redback(config-bgp-neighbor)#send ext-community
send filter prefix-list
no send filter prefix-list
Advertises to a Border Gateway Protocol (BGP) peer that a BGP speaker can send prefixed-based filtering to a peer.
BGP neighbor configuration
This command has no keywords or arguments.
The command is disabled.
Use the send filter prefix-list command to advertise to a BGP peer that a BGP speaker can send address prefix-based route filtering to a peer.
When this command is enabled, and if the BGP peer advertises its willingness to accept address prefixed-based filtering (through the accept filter prefix-list command in BGP neighbor configuration mode), this local BGP speaker sends its inbound address prefix-based filtering to the remote peer. The remote peer uses the received address prefix-based filtering along with its local routing policies to determine whether routes should be advertised to the peer.
Use this command to save resources and avoid the generation, transmission, and processing of unnecessary routing updates.
Use the show bgp neighbor ip-addr received prefix-filter command to display address prefix-based route filtering configuration information.
Use the no form of this command to disable a BGP speaker from accepting route filtering from a peer.
For further information, see the Internet Drafts, Cooperative Route Filtering Capability for BGP-4, draft-ietf-idr-route-filter-03.txt, and Address Prefix Based Outbound Route Filter for BGP-4, draft-chen-bgp-prefix-orf-02.txt.
The following example enables the external BGP (eBGP) speaker at IP address, 10.1.1.1, to send outbound route filters to BGP peers:
[local]Redback(config-bgp)#neighbor 10.1.1.1 external [local]Redback(config-bgp-neighbor)#send filter prefix-list
send join
no send join
Sends join messages upstream on the RPF primary and secondary interface without any outgoing interfaces (OIFs) being present.
This command has no keywords or arguments.
The send-join feature is disabled for a group, and the SmartEdge router continues sending new join messages upstream in the network.
Use the send-join command to send join messages upstream on the RPF primary and secondary interface without any OIFs being present. If a join message from IGMP is received by PIM after the send-join feature is enabled for a specific group, the SmartEdge router does not send any new join messages upstream in the network. Instead, the SmartEdge router immediately adds the client to the OIF list and starts forwarding the multicast stream. In other words, PIM sends the join messages upstream only once and maps the join from IGMP to PIM.
Use the no form of this command to disable the sending of join messages before any multicast receivers are present.
The following example shows how to enable the send-join feature on the group with an IP address of 255.100.1.1. With this configuration, PIM sends new join messages upstream only once and maps the join from IGMP to PIM:
[local]Redback(config-ctx)#pim dual-join group 225.100.1.1 source 192.110.30.6 [local]Redback(config-pim-dual)#send join
send label
no send label
Enables a Border Gateway Protocol (BGP) router to send Multiprotocol Label Switching (MPLS) labels with BGP IP Version 4 (IPv4) or IP Version 6 (IPv6) routes to a peer BGP router.
BGP neighbor address family configuration
This command has no keywords or arguments.
BGP routers distribute BGP IPv4 unicast routes without MPLS labels.
Use the send label command to enable a BGP router to send MPLS labels with BGP IPv4 or IPv6 routes to a peer BGP router.
One application for this command is the BGP/MPLS Virtual Private Network (VPN) Carrier Supporting Carrier configuration. The user must configure this command on the provider edge (PE) and customer edge (CE) routers between the super carrier and the ISP carrier.
This command has the following restrictions:
Use the no form of this command to disable the BGP router from sending MPLS labels with IPv4 unicast routes.
The following example enables the local router to send MPLS labels along with BGP IPv4 unicast routes to peer 1.1.1.1:
[local]Redback(config)#context local [local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#neighbor 1.1.1.1 external [local]Redback(config-bgp-neighbor)#address-family ipv4 unicast [local]Redback(config-bgp-peer-af)#send label
The following example shows how to enable the local router to send MPLS labels along with BGP IPv6 routes to peer 1.1.1.1:
[local]Redback(config)#context local [local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#neighbor 1.1.1.1 external [local]Redback(config-bgp-neighbor)#address-family ipv6 unicast [local]Redback(config-bgp-peer-af)#send label
send-lifetime start-datetime [{duration seconds | infinite | stop-datetime}]
no send-lifetime start-datetime [{duration seconds | infinite | stop-datetime}]
Establishes a start date and time for sending the key, and optionally, a stop date and time for sending the key.
key chain configuration
start-datetime |
Date and time to start sending the key being configured. Must be in the format yyyy:mm:dd:hh:mm[:ss]. For more information about the format of this argument, see the “ Section 1.16.5” section. |
duration seconds |
Optional. Number of seconds to continue sending the key. The range of values is 1 to 2147483646. |
infinite |
Optional. Specifies that the key is to be sent indefinitely. |
stop-datetime |
Optional. Date and time to stop sending the key being configured. Must be in the format yyyy:mm:dd:hh:mm[:ss]. For more information about the format of this argument, see the “ Section 1.16.5” section. |
If you do not use this command, the key is sent starting immediately and continues to be sent indefinitely. If you do not specify a duration when using this command, the key is sent indefinitely.
Use the send-lifetime command to specify when the key being configured is to be sent. The format of the start-datetime and stop-datetime arguments is yyyy:mm:dd:hh:mm[:ss] and is defined as follows:
If you issue the send-lifetime command without any optional constructs, the key is sent starting with the date and time that you specify and continues to be sent indefinitely.
You can replace an existing send lifetime value by issuing the send-lifetime command again, and specifying new parameters.
Use the no form of this command to specify that the key is no longer to be sent.
The following example establishes a send lifetime of January 25, 2002 at one minute and one second after 4:00 a.m. The key is accepted indefinitely:
[local]Redback(config-key-chain)#send-lifetime 2002:25:04:01:01
The following example establishes a send lifetime of January 25, 2002 at exactly midnight, and specifies that the key is to be sent for 30 minutes (1800 seconds):
[local]Redback(config-key-chain)#send-lifetime 2002:25:00:00 duration 1800
seq num command-string [param-num]...
no seq num
Specifies a command in the macro.
macro configuration
num |
Sequence number that denotes the order in which this command is included in the macro. |
command-string |
Command with the appropriate keywords, arguments, and constructs to be included in the macro. Use the $ symbol as a placeholder in the command-string argument to designate the arguments for the command. |
param-num |
Optional. Sequence number of a parameter to be entered with the macro name. Separate the sequence numbers with a space. The range of values is 1 to 10; the asterisk (*) character is also supported. |
No commands are specified for a macro.
Use the seq command to specify a command to be included in the macro.
Use $1, $2, and so on, as placeholders in the command-string argument to designate the arguments for the command. You can specify up to nine placeholders, $1 to $9, for command arguments. Use the asterisk (*) character to specify all values of that argument for the command.
Use the exit command (in macro configuration mode) to complete the macro and exit to global configuration mode.
Use the no form of this command to delete the command from the macro.
The following example defines the macro, show-all-port, to display port information:
[local]Redback(config)#macro inherit show-port-all [local]Redback(config-macro)#seq 10 show port $1/$2 [local]Redback(config-macro)#seq 20 show circuit $1/$2 [local]Redback(config-macro)#exit
The following example displays port and circuit data for port 3 of the traffic card in slot 4 using the same macro:
[local]Redback>show-port-all 4 3
The following example defines a macro that uses the * character:
[local]Redback(config)#macro inherit show-all [local]Redback(config-macro)#seq 10 show config $* [local]Redback(config-macro)#seq 20 show ip interface $* [local]Redback(config-macro)#seq 30 show circuit $* [local]Redback(config-macro)#exit
The following example captures the information displayed by the same macro in the file, output.txt:
[local]Redback>show-all | append output.txt
Statements in IPv4 and IPv6 ACLs can contain different criteria; for syntax for statements in IPv6 ACLs, see seq (IPv6 ACL).
seq {permit | deny} [protocol] {src src-wildcard | any | host src} [{cond port | range port end-port}] [max-sessions limit] [min-sessions limit] [dest dest-wildcard | any | host dest] [cond port | range port end-port] [length {cond length | range length end-length}] [icmp-type icmp-type [icmp-code icmp-code]] [igmp-type igmp-type] [dscp eq dscp-value] [established] [precedence prec-value] [tos tos-value] [class class-name] [condition cond-id]
no permit src src-wildcard
Creates an IPv4 access control list (ACL) statement that denies or allows packets that meet the specified criteria and sets the order of the statement in the ACL.
access control list configuration
seq-num |
Sequence number for the statement in an ACL. The range of values is 1 to 4,294,967,295. |
deny |
Deny packets with the specified criteria. |
permit |
Allow packets with the specified criteria |
protocol |
Optional. Number indicating a supported protocol as specified in RFC 1700, Assigned Numbers . The range of values is 0 to 255 or one of the keywords listed in Table 2. |
src |
Source address to be included in the permit or deny criteria; an IP address in the form A.B.C.D. |
src-wildcard |
Indication of which bits in the src argument are significant for purposes of matching; expressed as a 32-bit quantity in a 4-byte dotted-decimal format. Any zero-bits in the src-wildcard argument must be matched by the corresponding bits in the src argument. For any one-bits in the src-wildcard argument, the corresponding bits in the src argument are ignored. |
any |
Specifies a completely wildcard source or destination IP address indicating that IP traffic to or from all IP addresses is to be included in the permit or deny criteria. Identical to 0.0.0.0 255.255.255.255. |
host src |
Address of a single-host source with no wildcard address bits. The host source construct is identical to the src src-wildcardconstruct if the wildcard address indicates that all bits should be matched (0.0.0.0). |
cond |
Optional. Matching condition for the port or length argument, according to one of the keywords listed in Table 3. |
port |
Optional. TCP or UDP source or destination port. This argument is only available if you specified TCP or UDP as the protocol. The range of values is 1 to 65,535 or one of the keywords listed in Table 4 and Table 5. |
range port end-port |
Optional if you specify the TCP or UDP protocol. Beginning and ending TCP or UDP source or destination ports that define a range of port numbers. A packet’s port must be within the specified range to match the criteria. The range of values is 1 to 65,535 or one of the keywords listed in Table 4 and Table 5. Available with the seq permit construct only. |
max-sessions limit |
Optional. Maximum number of sessions allowed for the specified IP address or IP subnet. This construct is only available for TCP. Use the ip access-list command with the ssh-and-telnet-acl keyword to apply an IP ACL to packets associated with an Secured Shell (SSH) or a Telnet server. The range of values is 1 to 32. Available with the seq permit construct only. |
min-sessions limit |
Optional. Minimum number of sessions allowed for the specified IP address or IP subnet. This construct is only available if you specify TCP as the protocol in this command and use the ip access-list command with the ssh-and-telnet-acl keyword to apply an IP ACL to packets associated with an SSH or a Telnet server. The range of values is 0 to 32. The sum of values specified for the min-sessions limit construct for all specified IP addresses or IP subnets must not exceed 32. |
dest |
Optional. Destination address to be included in the permit or deny criteria; an IP address in the form A.B.C.D. |
dest-wildcard |
Indication of which bits in the dest argument are significant for purposes of matching. Expressed as a 32-bit quantity in a 4-byte dotted-decimal format. Zero-bits in the dest-wildcard argument mean that the corresponding bits in the dest argument must match; one-bits in the dest-wildcard argument mean that the corresponding bits in the dest argument are ignored. |
host dest |
Address of a single-host destination with no wildcard address bits. The host dest construct is identical to the dest dest-wildcard construct, if the wildcard address indicates that all bits should be matched (0.0.0.0). |
length |
Optional. Indicates that packet length is to be used as a filter. The packet length is the length of the network-layer packet, beginning with the IP header, regardless of the specified protocol. |
length |
Packet length. The range of values is 20 to 65,535. |
range length end-length |
Packets that fall into the range of specified lengths. Each value (length and end-length) can be from 20 to 65,535. |
icmp-type icmp-type |
Optional. Type of ICMP packet to be matched. The range of values is 0 to 255 or one of the keywords listed in Table 6. This argument is only available if you specify icmp for the protocol argument. |
icmp-code icmp-code |
Optional if you use the icmp-typeicmp-type construct. A particular ICMP message code to be matched. The range of values is 0 to 255. This argument is only accepted if you specified icmp for the protocol argument. |
igmp-type igmp-type |
Optional. Type of IGMP packet to be matched. This argument is only accepted if you specified igmp as the protocol argument. The range of values is 0 to 15 or one of the keywords listed in Table 7. |
dscp eq dscp-value |
Optional. Packet Differentiated Services Code Point (DSCP) value must be equal to the value specified in the dscp-value argument to match the criteria. The range of values is 0 to 63 or one of the keywords listed in Table 8. |
established |
Optional. Specifies that only established connections are to be matched. This keyword is only available if you specify tcp for the protocol argument. |
precedence prec-value |
Optional. Precedence value of packets to be considered a match. The range of values is 0 to 7, 7 being the highest precedence, or one of the keywords listed in Table 9. |
tos tos-value |
Optional. Type of service (ToS) to be considered a match. The range of values is 0 to 15 or one of the keywords listed in Table 10. |
classclass-name |
Optional. Policy-based class name. Available with the seq permit construct in policy ACLs only. |
condition cond-id |
Optional. ACL condition ID in integer or IP address format. The ID range of values is 1 to 4,294,967,295. |
None
Use the seq deny and seq permit constructs to create IP ACL statements to deny or allow packets that meet the specified criteria. This command also sets the order of the statement in the ACL. You can also use the deny and permit commands to create IP ACL statements; in this case, the SmartEdge OS automatically sets the order of the statement in the ACL.
In the IPv4 syntax, the cond port and cond length constructs are mutually exclusive with the range port end-port and range length end-length constructs.
With the seq permit construct, you can use the optional max-sessions limit and min-sessions limit constructs to specify a maximum or minimum number of simultaneous SSH or Telnet sessions allowed from an IP address or subnet. These constructs are available if you use the service ssh server or service telnet server commands with the access-group keyword to enable the SSH or Telnet protocol and apply the ACL. For statements where the any keyword is specified for both source and destination, only the max-sessions limit construct applies.
Use the no form of this command to delete the statement with the specified sequence number from the ACL.
Table 11 lists the valid keyword values for the protocol argument:
Keyword |
Definition |
---|---|
ahp |
Authentication Header Protocol |
esp |
Encapsulation Security Payload |
gre |
Generic Routing Encapsulation |
host |
Host source address |
icmp |
Internet Control Message Protocol |
igmp |
Internet Group Management Protocol |
ip |
Any IP protocol |
ipinip |
IP-in-IP tunneling |
ospf |
Open Shortest Path First |
pcp |
Payload Compression Protocol |
pim |
Protocol Independent Multicast |
tcp |
Transmission Control Protocol |
udp |
User Datagram Protocol |
Table 3 lists the valid keyword values for the cond argument.
Keyword |
Description |
---|---|
eq |
Equal to |
gt |
Greater than |
lt |
Less than |
neq |
Not equal to |
Table 13 lists the valid keyword values for the port argument when it is used to specify a TCP port.
Keyword |
Definition |
Corresponding Port Number |
---|---|---|
bgp |
Border Gateway Protocol (BGP) |
179 |
chargen |
Character generator |
19 |
cmd |
Remote commands (rcmd) |
514 |
daytime |
Daytime |
13 |
discard |
Discard |
9 |
domain |
Domain Name System |
53 |
echo |
Echo |
7 |
exec |
Exec (rsh) |
512 |
finger |
Finger |
79 |
ftp |
File Transfer Protocol |
21 |
ftp-data |
FTP data connections (used infrequently) |
20 |
gopher |
Gopher |
70 |
hostname |
Network interface card (NIC) hostname server |
101 |
ident |
Identification protocol |
113 |
irc |
Internet Relay Chat |
194 |
klogin |
Kerberos login |
543 |
kshell |
Kerberos Shell |
544 |
login |
Login (rlogin) |
513 |
lpd |
Printer service |
515 |
nntp |
Network News Transport Protocol |
119 |
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
pop2 |
Post Office Protocol Version 2 |
109 |
pop3 |
Post Office Protocol Version 3 |
110 |
shell |
Remote command shell |
514 |
smtp |
Simple Mail Transport Protocol |
25 |
ssh |
Secure Shell |
22 |
sunrpc |
Sun Remote Procedure Call |
111 |
syslog |
System logger |
514 |
tacacs |
Terminal Access Controller Access Control System |
49 |
talk |
Talk |
517 |
telnet |
Telnet |
23 |
time |
Time |
37 |
uucp |
UNIX-to-UNIX Copy Program |
540 |
whois |
Nickname |
43 |
www |
World Wide Web (HTTP) |
80 |
Table 14 lists the valid keyword values for the port argument when it is used to specify a UDP port.
Keyword |
Definition |
Corresponding Port Number |
---|---|---|
biff |
Biff (Mail Notification, Comsat) |
512 |
bootpc |
Bootstrap Protocol client |
68 |
bootps |
Bootstrap Protocol server |
67 |
discard |
Discard |
9 |
dnsix |
DNSIX Security Protocol Auditing |
195 |
domain |
Domain Name System |
53 |
echo |
Echo |
7 |
isakmp |
Internet Security Association and Key Management Protocol (ISAKMP) |
500 |
mobile-ip |
Mobile IP Registration |
434 |
nameserver |
IEN116 Name Service (obsolete) |
42 |
netbios-dgm |
NetBIOS Datagram Service |
138 |
netbios-ns |
NetBIOS Name Service |
137 |
netbios-ss |
NetBIOS Session Service |
139 |
ntp |
Network Time Protocol |
123 |
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
rip |
Router Information Protocol (router, in.routed) |
520 |
snmp |
Simple Network Management Protocol |
161 |
snmptrap |
SNMP Traps |
162 |
sunrpc |
Sun Remote Procedure Call |
111 |
syslog |
System logger |
514 |
tacacs |
Terminal Access Controller Access Control System |
49 |
talk |
Talk |
517 |
tftp |
Trivial File Transfer Protocol |
69 |
time |
Time |
37 |
who |
Who Service (rwho) |
513 |
xdmcp |
X Display Manager Control Protocol |
177 |
Table 15 lists the valid keyword values for the icmp-type argument.
Keyword |
Description |
---|---|
administratively-prohibited |
Administratively prohibited |
alternate-address |
Alternate address |
conversion-error |
Datagram conversion |
dod-host-prohibited |
Host prohibited |
dod-net-prohibited |
Net prohibited |
echo |
Echo (ping) |
echo-reply |
Echo reply |
general-parameter-problem |
General parameter problem |
host-isolated |
Host isolated |
host-precedence-unreachable |
Host unreachable for precedence |
host-redirect |
Host redirect |
host-tos-redirect |
Host redirect for ToS |
host-tos-unreachable |
Host unreachable for ToS |
host-unknown |
Host unknown |
host-unreachable |
Host unreachable |
information-reply |
Information replies |
information-request |
Information requests |
log |
Log matches against this entry |
log-input |
Log matches against this entry, including input interface |
mask-reply |
Mask replies |
mask-request |
Mask requests |
mobile-redirect |
Mobile host redirects |
net-redirect |
Network redirect |
net-tos-redirect |
Network redirect for ToS |
net-tos-unreachable |
Network unreachable for ToS |
net-unreachable |
Network unreachable |
network-unknown |
Network unknown |
no-room-for-option |
Parameter required but no room |
option-missing |
Parameter required but not present |
packet-too-big |
Fragmentation needed and DF set |
parameter-problem |
All parameter problems |
port-unreachable |
Port unreachable |
precedence |
Match packets with given precedence value |
precedence-unreachable |
Precedence cutoff |
protocol-unreachable |
Protocol unreachable |
reassembly-timeout |
Reassembly timeout |
redirect |
All redirects |
router-advertisement |
Router discovery advertisement |
router-solicitation |
Router discovery solicitation |
source-quench |
Source quenches |
source-route-failed |
Source route failed |
time-exceeded |
All time exceeded messages |
time-range |
Specify a time-range |
timestamp-reply |
Timestamp replies |
timestamp-request |
Timestamp requests |
tos |
Match packets with given type of service (ToS) value |
traceroute |
Traceroute |
ttl-exceeded |
TTL Exceeded |
unreachable |
All unreachables |
Table 7 lists the valid keyword values for the igmp-type argument.
Keyword |
Description |
---|---|
dvmrp |
Specifies Distance-Vector Multicast Routing Protocol. |
Host-query |
Specifies host query. |
Host-report |
Specifies host report. |
pim |
Specifies Protocol Independent Multicast. |
Table 8 lists the valid keyword values for the dscp-value argument.
Keyword |
Definition |
---|---|
af11 |
Assured Forwarding—Class 1/Drop precedence 1 |
af12 |
Assured Forwarding—Class 1/Drop precedence 2 |
af13 |
Assured Forwarding—Class 1/Drop precedence 3 |
af21 |
Assured Forwarding—Class 2/Drop precedence 1 |
af22 |
Assured Forwarding—Class 2/Drop precedence 2 |
af23 |
Assured Forwarding—Class 2/Drop precedence 3 |
af31 |
Assured Forwarding—Class 3/Drop precedence 1 |
af32 |
Assured Forwarding—Class 3/Drop precedence 2 |
af33 |
Assured Forwarding—Class 3/Drop precedence 3 |
af41 |
Assured Forwarding—Class 4/Drop precedence 1 |
af42 |
Assured Forwarding—Class 4/Drop precedence 2 |
af43 |
Assured Forwarding—Class 4/Drop precedence 3 |
cs0 |
Class Selector 0 |
cs1 |
Class Selector 1 |
cs2 |
Class Selector 2 |
cs3 |
Class Selector 3 |
cs4 |
Class Selector 4 |
cs5 |
Class Selector 5 |
cs6 |
Class Selector 6 |
cs7 |
Class Selector 7 |
df |
Default Forwarding (same as cs0) |
ef |
Expedited Forwarding |
Table 9 lists the valid keyword values for the prec-value argument.
Keyword |
Description |
---|---|
tine |
Specifies routine precedence (value=0). |
priority |
Specifies priority precedence (value=1). |
immediate |
Specifies immediate precedence (value=2). |
flash |
Specifies flash precedence (value=3). |
flash-override |
Specifies flash override precedence (value=4). |
critical |
Specifies critical precedence (value=5). |
internet |
Specifies internetwork control precedence (value=6). |
network |
Specifies network control precedence (value=7). |
Table 10 lists the valid keyword values for the tos-value argument.
Keyword |
Description |
---|---|
max-reliability |
Specifies maximum reliable ToS (value=2). |
max-throughput |
Specifies maximum throughput ToS (value=4). |
min-delay |
Specifies minimum delay ToS (value=8). |
min-monetary-cost |
Specifies minimum monetary cost ToS (value=1). |
normal |
Specifies normal ToS (value=0). |
The following example specifies that all IP traffic to destination host, 10.25.1.1, is to be denied, and all other traffic on subnet 10.25.1/24 is to be permitted:
[local]Redback(config-ctx)#ip access-list protect201 [local]Redback(config-access-list)#seq 12 deny ip any host 10.25.1.1 [local]Redback(config-access-list)#seq 22 permit ip any 10.25.1.0 0.0.0.255
Statements in IPv4 and IPv6 ACLs can contain different criteria; for syntax for statements for IPv4 ACLs, see seq (IPV4 ACL).
seq seq-num { deny | permit} [protocol] {src-ipv6-addr/prefix-length | any } [cond ] [range port end-port] [dest-ipv6-addr/prefix-length | any ] [icmp-type icmp-type] [icmp-code icmp-code]] [established] [traffic-class eq traffic-class-value] [condition cond-id]
no seq seq-num
Creates an IPv6 access control list (ACL) statement that denies or allows packets that meet the specified criteria and sets the order of the statement in the ACL.
access control list configuration
seq-num |
Sequence number for the statement in an ACL. The range of values is 1 to 4,294,967,295. |
deny |
Deny packets with the specified criteria. |
permit |
Allow packets with the specified criteria. |
protocol |
Optional. Number indicating a supported protocol as specified in RFC 1700, Assigned Numbers. The range of values is 0 to 255 or one of the keywords listed in: For statements in IPv6 ACLs, see Table 11. |
src-ipv6-address/prefix-length |
The traffic source to add to the statement criteria. The src-ipv6-address argument is in the format A:B:C:D::E/prefix-length, where the prefix length can be from 0 to 128. |
any |
Indicates that IP traffic to or from all IP addresses is to be included in the permit or deny criteria. |
cond |
Required if you specify the TCP or UDP protocol. Matching condition according to one of the keywords listed in Table 12. |
range port end-port |
Optional if you specify the TCP or UCP protocol. Beginning and ending TCP or UDP source or destination ports that define a range of port numbers. A packet’s port must be within the specified range to match the criteria. The range of values is 1 to 65,535 or one of the keywords listed in Table 13 and Table 14. |
dest-ipv6-addr/prefix-length |
The traffic destination to be matched. The src-ipv6-address/prefix-length argument is in the format A:B:C:D::E/prefix-length, where the range of values for the prefix length can be from 0 to 128. |
icmp-type icmp-type |
Optional. Type of ICMP packet to be matched. The range of values is 0 to 255, or one of the keywords listed in Table 15. This argument is only available if you specify icmp for the protocol argument. |
icmp-code icmp-code |
Optional if you use the icmp-type icmp-type construct. A particular ICMP message code to be matched. The range of values is 0 to 255. |
established |
Optional with the TCP protocol. Specifies that only established TCP port connections are to be matched. This keyword is only available if you specify tcp for the protocol argument. |
traffic eq traffic-class-value |
Optional. Type of traffic class to be matched. The traffic-class-value argument is a DSCP; the range of values is from 0 to 63 or one of the DSCP keywords in Table 16. |
condition cond-id |
Optional. Matching ACL condition ID, in integer or IP address format. The ID range of values is 1 to 4,294,967,295. Not supported with IPv6 administrative ACLs. |
None
Use the seq deny and seq permit constructs to create an IP ACL statement to deny or allow packets that meet the specified criteria. This command also sets the order of the statement in the ACL. You can also use the deny and permit commands to create an IP ACL statement; in this case, the SmartEdge OS automatically sets the order of the statement in the ACL.
In IPv6 statements, a total of 100 rules can be added to an ACL, and IPv6 administrative ACLs (in contexts) have an implicit statement that enables IPv6 Neighbor Discovery.
Use the no form of this command to delete the statement with the specified sequence number from the ACL.
Table 11 lists the valid keyword values for the protocol argument:
icmp |
ICMP version 6; requires the IPv6 source prefix in the format 1:2:3:4:5:6:7::8/48 or the any keyword. |
ipv6 |
Any IPv6 Protocol (excluding IPv6 extension headers). Requires the IPv6 source prefix in the format 1:2:3:4:5:6:7::8/48 or the any keyword. |
ospf |
Open Shortest Path First. |
pcp |
Payload Compression Protocol |
pim |
Protocol Independent Multicast. |
tcp |
Transmission Control Protocol. |
udp |
User Datagram Protocol. |
Table 12 lists the valid keyword values for the cond argument.
Keyword |
Description |
---|---|
eq |
Equal to |
gt |
Greater than |
lt |
Less than |
neq |
Not equal to |
Table 13 lists the valid keyword values for the port argument when it is used to specify a TCP port.
Keyword |
Definition |
Corresponding Port Number |
---|---|---|
bgp |
Border Gateway Protocol (BGP) |
179 |
chargen |
Character generator |
19 |
cmd |
Remote commands (rcmd) |
514 |
daytime |
Daytime |
13 |
discard |
Discard |
9 |
domain |
Domain Name System |
53 |
echo |
Echo |
7 |
exec |
Exec (rsh) |
512 |
finger |
Finger |
79 |
ftp |
File Transfer Protocol |
21 |
ftp-data |
FTP data connections (used infrequently) |
20 |
gopher |
Gopher |
70 |
hostname |
Network interface card (NIC) hostname server |
101 |
ident |
Identification protocol |
113 |
irc |
Internet Relay Chat |
194 |
klogin |
Kerberos login |
543 |
kshell |
Kerberos Shell |
544 |
login |
Login (rlogin) |
513 |
lpd |
Printer service |
515 |
nntp |
Network News Transport Protocol |
119 |
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
pop2 |
Post Office Protocol Version 2 |
109 |
pop3 |
Post Office Protocol Version 3 |
110 |
shell |
Remote command shell |
514 |
smtp |
Simple Mail Transport Protocol |
25 |
ssh |
Secure Shell |
22 |
sunrpc |
Sun Remote Procedure Call |
111 |
syslog |
System logger |
514 |
tacacs |
Terminal Access Controller Access Control System |
49 |
talk |
Talk |
517 |
telnet |
Telnet |
23 |
time |
Time |
37 |
uucp |
UNIX-to-UNIX Copy Program |
540 |
whois |
Nickname |
43 |
www |
World Wide Web (HTTP) |
80 |
Table 14 lists the valid keyword values for the port argument when it is used to specify a UDP port.
Keyword |
Definition |
Corresponding Port Number |
---|---|---|
biff |
Biff (Mail Notification, Comsat) |
512 |
bootpc |
Bootstrap Protocol client |
68 |
bootps |
Bootstrap Protocol server |
67 |
discard |
Discard |
9 |
dnsix |
DNSIX Security Protocol Auditing |
195 |
domain |
Domain Name System |
53 |
echo |
Echo |
7 |
isakmp |
Internet Security Association and Key Management Protocol (ISAKMP) |
500 |
mobile-ip |
Mobile IP Registration |
434 |
nameserver |
IEN116 Name Service (obsolete) |
42 |
netbios-dgm |
NetBIOS Datagram Service |
138 |
netbios-ns |
NetBIOS Name Service |
137 |
netbios-ss |
NetBIOS Session Service |
139 |
ntp |
Network Time Protocol |
123 |
pim-auto-rp |
Protocol Independent Multicast Auto-RP |
496 |
rip |
Router Information Protocol (router, in.routed) |
520 |
snmp |
Simple Network Management Protocol |
161 |
snmptrap |
SNMP Traps |
162 |
sunrpc |
Sun Remote Procedure Call |
111 |
syslog |
System logger |
514 |
tacacs |
Terminal Access Controller Access Control System |
49 |
talk |
Talk |
517 |
tftp |
Trivial File Transfer Protocol |
69 |
time |
Time |
37 |
who |
Who Service (rwho) |
513 |
xdmcp |
X Display Manager Control Protocol |
177 |
Table 15 lists the valid keyword values for the icmp-type argument.
Keyword |
Description |
---|---|
destination-unreachable |
Destination-unreachable message |
echo-reply |
Echo reply message |
echo-request |
Echo request message |
mipv6 |
Mobile IPv6 message; can be:
|
mld |
Multicast Listener Discovery |
nd |
Neighbor Discovery message; can be:
|
packet-too-big |
Fragmentation needed and DF set |
parameter-problem |
All parameter problems |
renumbering |
Router renumbering message |
send |
Secure Neighbor Discovery messages; can be:
|
time-exceeded |
All time exceeded messages |
Table 16 lists the valid keyword values for the traffic-class-value argument.
Keyword |
Definition |
---|---|
af11 |
Assured Forwarding—Class 1/Drop precedence 1 |
af12 |
Assured Forwarding—Class 1/Drop precedence 2 |
af13 |
Assured Forwarding—Class 1/Drop precedence 3 |
af21 |
Assured Forwarding—Class 2/Drop precedence 1 |
af22 |
Assured Forwarding—Class 2/Drop precedence 2 |
af23 |
Assured Forwarding—Class 2/Drop precedence 3 |
af31 |
Assured Forwarding—Class 3/Drop precedence 1 |
af32 |
Assured Forwarding—Class 3/Drop precedence 2 |
af33 |
Assured Forwarding—Class 3/Drop precedence 3 |
af41 |
Assured Forwarding—Class 4/Drop precedence 1 |
af42 |
Assured Forwarding—Class 4/Drop precedence 2 |
af43 |
Assured Forwarding—Class 4/Drop precedence 3 |
cs0 |
Class Selector 0 |
cs1 |
Class Selector 1 |
cs2 |
Class Selector 2 |
cs3 |
Class Selector 3 |
cs4 |
Class Selector 4 |
cs5 |
Class Selector 5 |
cs6 |
Class Selector 6 |
cs7 |
Class Selector 7 |
df |
Default Forwarding (same as cs0) |
ef |
Expedited Forwarding |
The following example denies TCP traffic with the prefix 22:1:1::2/128 with default forwarding (DSCP code df) and all UDP traffic from port 80 or 81, and permits all IPv6 traffic:
[local]Redback(config-ctx)#ipv6 access-list listmgt [local]Redback(config-access-list)#seq 21 deny tcp 22:1:1::2/128 any traffic-class eq df [local]Redback(config-access-list)#seq 31 deny udp any any range 80 81 [local]Redback(config-access-list)#seq 41 permit ipv6 any any
server ip-addr [prefer] [source if-name] [version num]
{no | default} server ip-addr [prefer] [source if-name] [version num]
Configures the NTP server for a context.
NTP server configuration
ip-addr |
IP address of the NTP server. |
prefer |
Configures this server as preferred to provide synchronization. |
source if-name |
Interface name for outgoing NTP messages; the interface connected to the subnet for NTP broadcasting. The default is the outgoing interface. |
version num |
NTP version to be used; can be 1-3. The default is 3. |
There is no NTP server enabled in the context.
To allow the system clock to be synchronized to an authoritative time source, configure an NTP server in a context with the server command. To name the NTP broadcast interface (connected to the subnet served by this NTP server), use the source if-name construct.
To disable the NTP server, use the no form of the command.
The following example configures an NTP server for the ips202 context.
[local]Redback(config)#context isp202 [local]Redback(config-ctx)#ntp-mode [local]Redback(config-ntp-server)#server-mode [local]Redback(config-ntp-server)#server 1.1.1.2 prefer source ntp
server-group group-name
no server-group
Assigns a Dynamic Host Configuration Protocol (DHCP) server to a DHCP server group.
DHCP relay server configuration
group-name |
DHCP server group name. |
DHCP servers are assigned to the default DHCP server group.
Use the server-group command to assign a DHCP server to a DHCP server group.
Use the no form of this command to assign a DHCP server to the default server group.
The following example assigns DHCP server, dserver7, to the int-grp DHCP server group:
[local]Redback(config-ctx)#dhcp relay server dserver7 [local]Redback(config-dhcp-relay)#server-group int-grp [local]Redback(config-dhcp-relay)#
server-mode
{no | default} server-mode
Enables NTP server functionality in the context.
NTP server configuration
This command has no keywords or arguments.
NTP functionality is not enabled in the context.
To enable NTP server functionality in a context, enter the server-mode command in NTP server configuration mode.
The following example enables NTP server functionality in the isp202 context.
[local]Redback(config)#context isp202 [local]Redback(config-ctx)#ntp-mode [local]Redback(config-ntp-server)#server-mode
service protocol [client] [server]
no service protocol [client] [server]
Enables application-layer protocols in a context.
protocol |
Type of service to enable, according to one of the following keywords:
|
client |
Optional. Enables the protocol’s client. |
server |
Optional. Enables the protocol’s server. This keyword is not supported with the FTP and RCP protocols. |
The FTP, RCP, SCP, SFTP, SSH, Telnet, and TFTP servers are enabled in the local context and disabled in all other contexts; the SCP, SFTP, SSH, Telnet, and TFTP clients are enabled in all contexts.
Use the service command to enable application-layer protocols in a context.
Use the no form of this command to disable application-layer protocols in a context.
The following example enables Telnet service:
[local]Redback(config-ctx)#service telnet
service air-filter
Updates the service date in the fan tray unit in a SmartEdge 400 chassis or the fan and alarm unit in a SmartEdge 800 chassis to the current month and year.
This command has no keywords or arguments.
The service date is not updated; if the alarm for the air filter is enabled, the alarm condition is raised based on the previous service date.
Use the service air-filter command to update the service date in the fan tray unit in a SmartEdge 400 chassis, or the fan and alarm unit in a SmartEdge 800 chassis, to the current month and year. The service date is stored in the EEPROM in the unit.
Caution! | ||
Risk of equipment damage. You can corrupt the EEPROM for the fan
tray unit or fan and alarm unit in which the service date is stored
if you remove the unit from the chassis while the service air-filter
command is running. To reduce the risk, do not attempt to remove the
unit until after the command is completed.
|
If you have configured the alarm for the air filter with the system alarm command (in global configuration mode), you must enter this command after you replace the air filter in either chassis, the fan tray unit in a SmartEdge 400 chassis, or the fan and alarm unit in a SmartEdge 800 chassis. Otherwise, the alarm condition is raised based on the previous service date.
To display the current service date, enter the show hardware fantray detail command (in any mode).
The following example updates the service date with the current month and year. If the current date is February 2005, and the alarm has been enabled with a three-month service interval, the alarm condition becomes active in May 2005:
[local]Redback>service air-filter
service auto-system-recovery
no service auto-system-recovery
Enables automatic system recovery.
This command has no keywords or arguments.
Automatic system recovery is disabled.
Use the service auto-system-recovery command to enable automatic system recovery.
Automatic system recovery allows the system to recover from an error condition in which a process halts. The recovery is carried out by switching to the standby controller card while reloading the current controller card. If the standby controller is not ready or is absent, only a reload is performed.
Use the no form of this command to disable automatic system recovery.
The following example enables automatic system recovery:
[local]Redback(config)#service auto-system-recovery
service card-auto-reload
no service card-auto-reload
Enables the automatic reload of the Packet Processing ASIC (PPA) code on a traffic card if either of its PPAs becomes inoperable.
global configuration
This command has no keywords or arguments.
The PPA code reloads automatically on a traffic card if either of the PPAs becomes inoperable.
Use the service card-auto-reload command to automatically reload the PPA code on a traffic card if either of its PPAs becomes inoperable.
Use the no form of this command to disable the automatic reload of PPA code on a traffic card.
The following example configures the system to automatically reload PPA code on a traffic card on a traffic card if either of its PPAs becomes inoperable:
[local]Redback(config)#service card-auto-reload
service clips dhcp [allow-duplicate-mac | source-mac] [ignore-relay] [maximum max-num] [context ctx-name | {vendor-class-id [default default-id]}] [service-policy pol-name]
no service clips
Enables dynamic clientless IP service selection (CLIPS) on an Ethernet port, 802.1Q permanent virtual circuit (PVC) on an Ethernet port, or Asynchronous Transfer Mode (ATM) PVC.
allow-duplicate-mac |
Optional. Allows duplicate MAC addresses on dynamic CLIPS circuits; the default state does not allow duplicate MAC addresses. Rather than determining subscriber session uniqueness based on a MAC address alone and rejecting such DHCP request messages, the SmartEdge router uses a combination of the MAC address and the DHCP relay agent IP address to uniquely identify CLIPS clients. In this case, the giaddr field in the DHCP request message must be unique.(1) |
service-policy pol-name |
Optional. Name of the service policy to which the CLIPS circuits on this PVC must conform. This construct provides access control to the SmartEdge router based on DHCP option 12 (hostname). The policy definition uses allow and deny commands (in service policy configuration mode) to establish a list of hostnames that are allowed access to the SmartEdge router and a list of hostnames that are denied access. For more information about service policies, see Configuring Service Policies. |
ignore-relay |
Optional. Allows the SmartEdge OS to ignore the DHCP giaddr option and treats the CLIPS subscribers as if they are directly connected to the SmartEdge OS. Use the ignore-relay keyword to allow the SmartEdge OS to ignore the DHCP giaddr option and treat CLIPS subscribers as if they are directly connected to the SmartEdge OS. This keyword is typically used when the CLIPS subscribers are connected to the SmartEdge OS by a Layer 2 switch, which acts as an IP-aware DHCP Relay. |
maximum max-num |
Optional. Maximum number of CLIPS sessions allowed on this circuit. The range of values is 1 to 16,000; the default value is 16,000. |
context ctx-name |
Optional. Name of the context in which the subscriber is authenticated. (1) |
source-mac |
Optional. Associates incoming data packets with a parent CLIPS circuit, based on the source MAC address; that is, the SmartEdge system uses the source MAC address to demultiplex the incoming packet traffic per subscriber. The default (when source-mac is not specified) sorts incoming packets based only on the source IP addresses. |
vendor-class-id [default default-id |
Uses the vendor-class-identifier from DHCP packets for selection of the context in which subscribers are authenticated. The DHCP option-60 attribute is the vendor-class-identifier. The received vendor-class-identifier can have a maximum of 48 characters. Use default default-idto specify a default vendor-class-identifier with a maximum of 48 characters. (1) |
(1) See the "Usage Guidelnes" section for more information.
CLIPS is disabled.
Use the service clips dhcp command to enable dynamic CLIPS on an Ethernet port, 802.1Q PVC on an Ethernet port, or ATM PVC.
You can specify a unique IP address for the giaddr field using the user-class-id or vendor-class-id command (in DHCP giaddr configuration mode); if you do not, the SmartEdge OS uses the primary IP address of the interface that you have configured for the DHCP server for the giaddr field.
Use the no form of this command to disable CLIPS service.
The following example shows how to create eight CLIPS static circuits with session numbers ranging from 1 to 8 on port 1 of the Ethernet traffic card installed in slot 3 and then bind each circuit to an automatically generated subscriber name beginning with the string 10-1-1:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 through 8 [local]Redback(config-port)#bind auto-subscriber “10-1-1” local
The following example shows how to enable dynamic CLIPS on port 1 of the Ethernet traffic card installed in slot 3, using the pol-dhcp service policy:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#service clips dhcp service-policy pol-dhcp
The following example shows how to allow the CLIPS subscribers to act as if they are directly connected to the SmartEdge OS on port 1 on the Ethernet traffic card installed in slot 1:
[local]Redback(config)#port ethernet 1/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 10 [local]Redback(config-dot1q-pvc)#service clips dhcp ignore-relay context dhcp
The following example shows how to allow the CLIPS subscribers that use port 2 on the Ethernet traffic card installed in slot 1 to have duplicate MAC addresses; the unique giaddr is specified using the secondary IP address assigned to the if-dhcp interface:
[local]Redback(config)#context local [local]Redback(config-ctx)#interface if-dhcp multibind [local]Redback(config-if)#ip address 200.1.1.1/24 [local]Redback(config-if)#ip address 200.1.2.1/24 secondary [local]Redback(config-if)#dhcp proxy 16000 [local]Redback(config-dhcp-giaddr)#user-class-id net1 giaddr 200.1.2.1 [local]Redback(config-dhcp-giaddr)#end [local]Redback(config)#port ethernet 1/2 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 10 [local]Redback(config-dot1q-pvc)#service clips dhcp allow-duplicate-mac
service clips-exclude vendor-class-id id [offset position]
{no | default} service clips-exclude vendor-class-id id [offset position]
Specifies a condition by which a Dynamic Host Configuration Protocol (DHCP) host can be excluded from clientless IP service selection (CLIPS) service on this port or permanent virtual circuit (PVC).
vendor-class-id id |
Contents of the DHCP option-60 ID field that is to be excluded, in one of the following formats:
|
offset position |
Optional. Position of the starting octet to which the exclusion condition is to be matched, according to one of the following formats:
The default value is 1 (the first octet). |
No DHCP received IDs are excluded.
Use the service clips-exclude command to specify a condition by which a DHCP host can be excluded from CLIPS service on this port or PVC. Any host that matches the exclusion condition is ineligible for CLIPS service and is treated as a normal DHCP client.
The following guidelines apply to the formats for the id argument:
Matching is performed on an octet basis. The match fails, if after the calculation of the starting position of the octets to be matched (using the offset position construct), there are fewer octets available for matching in the received ID than are specified by the vendor-class-id id construct.
To specify multiple exclusion conditions, enter this command for each condition; a DHCP host is excluded if it matches any of the specified conditions.
Use the no or default form of this command to remove an exclusion condition from the configuration for this port or PVC.
The following example shows how to configure an Ethernet port for CLIPS service and excludes DHCP hosts with an ID of “BP29” and an offset of 3 octets. The matching operation is performed on the 3rd through the 6th octet. If the received ID is CCBP2945, the matching operation is successful:
[local]Redback(config)#port ethernet 14/1 [local]Redback(config-port)#service clips-exclude vendor-class-id “BP29” offset 3
In the following example, the same matching operation is performed but with an offset of –3. In this case, the matching operation starts at the 6th octet and the match always fails because the number of octets to be matched (4) is greater than the number of octets available to be matched:
[local]Redback(config)#port ethernet 14/1 [local]Redback(config-port)#service clips-exclude vendor-class-id “BP29” offset -3
service clips-group group-name
no service clips-group group-name
Assigns a port or permanent virtual circuit (PVC) to the specified clientless IP service selection (CLIPS) group.
group-name |
Name for a CLIPS group of ports and PVCs on which dynamic CLIPS circuits will be created. |
No ports or PVCs are assigned to any CLIPS group.
Use the service clips-group command to assign this port or PVC to the specified CLIPS group. You can assign any mix of ports and PVCs to a CLIPS group. When you assign the port or PVC to the CLIPS group, you enable the creation dynamic CLIPS service on that port or PVC.
You must first create the CLIPS group, using the clips-group command (in global configuration mode), before you can assign a port or PVC to it.
You cannot assign ports and PVCs that you have configured on different traffic cards to the same CLIPS group; that is, CLIPS group supports intra-card, inter-port redundancy, but not inter-card redundancy.
You can enable dynamic CLIPS service on this circuit using the service clips dhcp command (in ATM PVC, dot1q PVC, or port configuration mode), or you can assign this port or PVC to a CLIPS group, but you cannot do both.
Use the no form of this command to remove the port or PVC from the specified CLIPS group.
The following example assigns an 802.1Q PVC on an Ethernet port to the dynamic-clips group:
[local]Redback(config)#port ethernet 4/1 [local]Redback(config-port)#encapsulation dot1q [local]Redback(config-port)#dot1q pvc 3 [local]Redback(config-dot1q-pvc)#service clips-group dynamic-clips
service clips
no service clips
Enables static clientless IP service selection (CLIPS) on an Ethernet port, 802.1Q permanent virtual circuit (PVC) on an Ethernet port, or Asynchronous Transfer Mode (ATM) PVC.
This command has no keywords or arguments.
CLIPS is disabled.
Use the service clips command to enable static CLIPS on an Ethernet port, 802.1Q PVC on an Ethernet port, or ATM PVC.
For static CLIPS circuits, you must also configure one or more CLIPS PVCs using the clips pvc command (in link group, link PVC, or port configuration mode); see the clips pvc command description.
You can enable CLIPS service on this circuit using the service clips command, or you can assign this circuit to a CLIPS group, using the service clips-group command (in dot1q PVC or port configuration mode), but you cannot do both.
Use the no form of this command to disable CLIPS service.
The following example shows how to create eight CLIPS static circuits with session numbers ranging from 1 to 8 on port 1 of the Ethernet traffic card installed in slot 3 and then bind each circuit to an automatically generated subscriber name beginning with the string 10-1-1:
[local]Redback(config)#port ethernet 3/1 [local]Redback(config-port)#service clips [local]Redback(config-port)#clips pvc 1 through 8 [local]Redback(config-port)#bind auto-subscriber “10-1-1” local
service console-break
no service console-break
Enables the console break feature.
global configuration
This command has no keywords or arguments.
The console break feature is disabled.
Use the service console-break command to enable the console break feature. When this feature is enabled, you can press the Ctrl+Break keys (in sequence) when you are connected to the SmartEdge router through the console port to send a break sequence to the system to halt the system, and enter kernel debug mode.
After the system receives the break sequence from the console, the prompt changes to db>. At this point, you can enter the commands in Table 17.
Kernel Debug Command |
Description |
---|---|
continue |
Resumes normal system operation. |
reboot |
Reloads the system (has the same effect as the reload command in exec mode). |
The system waits for a command for 25 seconds. If you do not enter any command within this time, the system automatically reloads.
Caution! | ||
Risk of data loss. If the console port is directly attached to
the serial port of a computer running Windows NT or UNIX, the computer
might send a break sequence when it reboots. This has the affect of
halting the system and entering kernel debug mode. To reduce the risk,
do not enable the console-break feature if the workstation attached
to the console port is running Windows NT or UNIX.
|
Use the no form of this command to disable the console break feature. When the feature is disabled, the system does not process a break sequence from the console port.
The following example enables the console break feature:
[local]Redback(config)#service console-break
service crash-dump-dram
no service crash-dump-dram
Enables dynamic random-access memory (DRAM) data collection during a crash dump.
This command has no keywords or arguments.
DRAM data collection is enabled.
Use the service crash-dump-dram command to enable DRAM data collection during a crash dump.
Use the no form of this command to disable DRAM data collection during a core dump. In situations where the Packet Processing ASIC (PPA) data collection might take a long time, you can use the no form of this command to skip the DRAM data collection.
The following example disables the DRAM data collection during a crash dump:
[local]Redback(config)#no service crash-dump-dram
service domain-wildcard
no service domain-wildcard
Enables the creation of domain aliases with embedded wildcard characters.
global configuration
This command has no keywords or arguments.
Wildcards are not permitted in domain name aliases.
Use the service domain-wildcard command in global configuration mode to enable the creation of domain aliases with embedded wildcard characters. See the domain command for rules on the use of domain name alias wildcard characters.
Use the no form of this command to disable the use of the * wildcard character.
The following example illustrates the creation of the RBAKERIC* and *com domain aliases for the context bar and the RB* and bob*bar domain aliases for the context bob:
[local]Redback(config)#service domain-wildcard [local]Redback(config)#context bar [local]Redback(config-ctx)#domain RBAKERIC* [local]Redback(config-ctx)#domain *com [local]Redback(config-ctx)#commit [local]Redback(config-ctx)#exit [local]Redback(config)#context bob [local]Redback(config-ctx)#domain RB* [local]Redback(config-ctx)#domain bob*bar [local]Redback(config-ctx)#commit
service inter-context routing
no service inter-context routing
Enables intercontext static routing among non-local contexts.
global configuration
This command has no keywords or arguments.
Disabled
Use the service inter-context routing command to enable intercontext static routing among non-local contexts. When this command is not enabled, intercontext static routing can still be used between the local context and non-local contexts.
For more information on creating and servicing contexts, see Configuring Contexts and Interfaces.
The following example enables non-local inter-context static routing:
[local]Redback(config)#service inter-context routing [local]Redback(config)#context cust-abc [local]Redback(config-ctx)#ip route 11.1.1.0/24 context web-xyz [local]Redback(config-ctx)#context web-xyz [local]Redback(config-ctx)#ip route 12.2.0.0/16 context cust-abc
service load-balance ip {layer-3 | layer-4}
Specifies whether the load balancing hash algorithm should include only Layer 3 information or both Layer 3 and Layer 4 information.
global configuration
layer-3 |
Specifies that the load balancing algorithm includes Layer 3 information only; that is, source and destination IP only. |
layer-4 |
Specifies that the load balancing algorithm includes both Layer 3 and Layer 4 information; that is, source and destination IP and source and destination ports for Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets. |
The load balancing algorithm includes Layer 3 information only.
Use the service load-balance ip command to specify whether the load balancing hash algorithm should include only Layer 3 information or both Layer 3 and Layer 4 information. Layer 3 information consists of the source and destination IP. Layer 4 information includes the destination ports for TCP and UDP packets.
Including the TCP and UDP source and destination ports in the load balancing hash algorithm provides the following functionaries:
The following example shows how to configure the load balancing algorithm to include both Layer 3 and Layer 4 information:
[local]Redback#configure [local]Redback(config)#service load-balance ip layer-4
The following example shows how to return the load balancing algorithm to the default setting, which includes only Layer 3 information:
[local]Redback#configure [local]Redback(config)#service load-balance layer-3
service multiple-contexts
no service multiple-contexts
Enables the creation of multiple contexts on a system.
global configuration
This command has no keywords or arguments.
Multiple contexts are disabled.
Use the service multiple-contexts command to enable the creation of multiple contexts on a system. By default, the “local” context is present, and you cannot use the context command (in global configuration mode) to create additional contexts until you enable the multiple context feature.
Use the no form of this command to disable multiple contexts.
The following example displays sample output when an administrator attempts to create a new context, netone, when the multiple context feature is disabled:
[local]Redback(config)#context netone Context netone doesn’t exist. To configure multiple contexts configure 'service multiple-contexts'
The following example enables the multiple context feature and creates the context, netone:
[local]Redback(config)#service multiple-contexts [local]Redback(config)#context netone
service-policy name svc-pol-name
no service-policy name svc-pol-name
Configures a service policy name and enters service policy configuration mode.
name svc-pol-name |
Service policy name. |
None
Use the service-policy command to configure a service policy name and enter service policy configuration mode.
Use the no form of this command to remove a service policy.
The following example configures a service policy, local-only, and allows subscribers access to the local context only:
[local]Redback(config)#service-policy name local-only [local]Redback(config-policy-svc)#allow context name local
service profile hotlineprofile-name
no service profile hotline profile-name
Specifies an RSE profile that references a policy that defines the classes to which you want to map HTTP redirect rules.
profile-name |
Name of an RSE profile that references a policy that defines the classes to which HTTP redirect rules will be mapped. |
No RSE profile is specified for hotlining.
Use the service profile hotline command to specify an RSE profile that references a policy that defines the classes to which you want to map HTTP redirect rules. This command maps the HTTP redirect rules to classes defined in the policy that is referenced in the specified RSE profile for a MIP FA subscriber.
Use the no form of this command in to remove the specified service profile so that HTTP redirect rules are not mapped to that classes defined in the referenced policy.
The following example shows how to specify an RSE profile for hotlining:
[local]Redback(config)#context local [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#service profile hotline hp1
service upload-coredump ftp:url [context ctx-name]
no service upload-coredump
Enables the sending of core dump files from the local SmartEdge router to the specified URL using the File Transfer Protocol (FTP).
ftp: url |
URL of the server that the system is to send a core dump file using FTP. |
context ctx-name |
Optional. Context for server reachability. |
None
Use the service upload-coredump command to enable the sending of core dump files from the local SmartEdge router to a URL using FTP. The url argument takes the following form, where the username:passwd construct specifies the user and an optional password, the ip-addr argument is the IP address of the FTP server, the hostname argument is the hostname of the FTP server, and the optional :port and /directory arguments are a port or directory on the FTP server.
//username[:passwd]@{ip-addr | hostname} [:port] [//directory]
The hostname argument can only be used if Domain Name System (DNS) resolution is enabled using the ip domain-lookup, ip domain-name, and ip name-servers commands in context configuration mode. For more information, see the Command List.
Use the no form of this command to disable the sending of crash files to the specified URL.
The following example specifies that crash files are to be sent to the specified URL using FTP:
[local]Redback(config)#service upload-coredump ftp://client1:secret@10.10.20.78//out
service vxworks-log-to-screen
no service vxworks-log-to-screen
Enables displaying VxWorks logs on a console connected to one of the console ports on the back of the chassis.
This command has no keywords or arguments.
By default, the VxWorks console port output is redirected, so it is not displayed even though the console cable is connected.
Use the service vxworks-log-to-screen command to enable the VxWorks logs to display on a console connected to one of the console ports on the back of the chassis. Use this command to collect logs without interruption during a switchover or when the SmartEdge router is rebooting.
VxWorks is the OS on the controller cards that is responsible for most low-level processing, such as driving or monitoring traffic cards. To display the VxWorks logs on the VxWorks console, you may also need to set the vx-other flag in the Open Firmware (OFW) shell. To set this flag, access the OFW shell and enter the setenv vx-other 0x27a command at the OK prompt.
For procedures to access the OFW CLI, see Data Collection Guideline in the SmartEdge OS library.
session-action {absolute-timeout | dual-stack-failure| idle-timeout | traffic-limit} account-alive
no session-action
Assigns the actions taken when a subscriber reaches a timeout or traffic limit.
subscriber configuration
absolute-timeout |
Clears the subscriber session if it reaches the absolute-timeout limit. |
dual-stack-failure |
Clears the subscriber session if any IPv4 address or IPv6 prefix conflicts are detected. |
idle-timeout |
Clears the subscriber session if it reaches the idle-timeout limit. |
traffic-limit |
Clears the subscriber session if it reaches the traffic limit. |
account-alive |
Sends a Remote Authentication Dial-In User Service (RADIUS) Account-Alive message. |
No action is taken when a subscriber reaches session limits.
Use the session-action command to assign the actions taken when a subscriber reaches a timeout or traffic limit.
The Account-Alive message contains vendor-specific attribute (VSA) 144 provided by Ericsson AB giving the reason for the session action: volume ingress exceeded, volume egress exceeded, idle timeout, or session timeout (absolute timeout). For more information about vendor VSA 144, see RADIUS Attributes.
The specified action is assigned either to a subscriber profile or an individual subscriber record depending on the type of subscriber:
If an IPv4 address or IPv6 prefix conflict is detected and the session-action dual-stack-failure command is enabled for a dual-stack subscriber:
Use the no form of this command to remove the session action from the subscriber record or profile.
The following example assigns the idle-timeout account-alive session action to the subscriber profile named tomtom:
[local]Redback(config-ctx)#subscriber profile tomtom [local]Redback(config-sub)#session-action idle-timeout account-alive
session-action failure always-up [trap]
no session-action failure always-up
Enables a subscriber session to be successfully established and remain active, regardless of a misconfigured RADIUS attribute, nonexistent RADIUS attribute, or nonmandatory RADIUS attribute that failed to apply.
failure |
Specifies the action to take when RADIUS attributes fail to be provisioned. |
always-up |
Keeps the session active regardless of a misconfigured RADIUS attribute, nonexistent RADIUS attribute, or nonmandatory RADIUS attribute that failed to apply. |
trap |
Optional. Enables SNMP traps and logs to be sent when a RADIUS attribute fails to be initially provisioned. The SNMP trap and log includes information about the reason a RADIUS attribute failed to be initially provisioned, as well as information about keeping the subscriber session active. The logs are sent to a console to alert the appropriate administrator. To use the keyword trap, you must have a configured SNMP server. |
By default, a subscriber session fails to be established and remain active if a RADIUS attribute is misconfigured or nonexistent, or if a nonmandatory RADIUS attribute fails to be applied.
Use the session-action failure always-up command to enable a subscriber session to be successfully established and remain active regardless of a misconfigured RADIUS attribute, nonexistent RADIUS attribute, or a nonmandatory RADIUS attribute that failed to apply. These RADIUS attributes are of the type that can be allowed to be provisioned, regardless of missing RADIUS attribute data or a provisioning failure. The following are examples of these types of RADIUS attributes:
If more than one queuing policy attribute is configured for subscriber encapsulation after the session-action failure always-up command is enabled, the SmartEdge router selects the attribute to apply by matching the queueing policy name and its configured encapsulation type with the actual encapsulation type the subscriber is using. Once matched, the session is established and allowed to remain active.
The session-action failure always-up command must be enabled for a subscriber using either the default subscriber profile or a named subscriber profile within the context to which the subscriber is bound.
Use the keyword trap to enable the SmartEdge router to send SNMP traps and logs that include information about the reason a RADIUS attribute failed to be initially provisioned, as well as information about the action taken to keep the subscriber session up.
Use the no form of this command to return to the default behavior.
The following example shows how to enable the session-action failure always-up command for the default subscriber profile within the context “local”. The keyword trap enables the SmartEdge router to send SMNP traps and logs about the RADIUS attributes that initially fails to be provisioned before being established and kept up:
[local]Redback(config)#config [local]Redback(config)#context local [local]Redback(config-ctx)#subscriber default [local]Redback(config-sub)#session-action failure always-up trap
session-auth {pap | chap | chap pap} [context ctx-name | service-policy svc-policy-name]
{no | default} session-auth
Specifies the method used by the SmartEdge router when acting as a Layer 2 Tunneling Protocol (L2TP) network server (LNS) to authenticate subscriber sessions that arrive from this peer.
L2TP peer configuration
pap |
Specifies that the Password Authentication Protocol (PAP) is to be used to obtain the subscriber name and password from the subscriber. |
chap |
Specifies that the Challenge Handshake Authentication Protocol (CHAP) is to be used to obtain the subscriber name and password from the subscriber. |
chap pap |
Specifies that either PAP or CHAP can be used to obtain the subscriber name and password from the subscriber, but that CHAP is preferred. |
context ctx-name |
Optional. Name of a specific context to which subscriber sessions are restricted. |
service-policy svc-policy-name |
Optional. Name of a service policy that limits the contexts or domains available to the subscriber sessions. |
CHAP or PAP is the authentication method.
Use the session-auth command to specify the method used by the SmartEdge router when acting as an L2TP LNS to authenticate subscriber sessions that arrive from this peer.
Use this optional command for the following conditions:
Use the optional context ctx-name construct to prevent dynamic context selection, thereby limiting the services available to any Point-to-Point Protocol (PPP) sessions that arrive from this peer. Specifically, these sessions are limited to terminating and routing in the named context and to entering a tunnel defined within that context.
If the context ctx-name construct is present, the SmartEdge router attempts to authenticate the session according to the authentication, authorization, and accounting (AAA) configuration for the named context, rather than according to the context portion of the structured subscriber name, if present. If the subscriber passes authentication, the session comes up.
If Remote Authentication Dial-In User Service (RADIUS) returns a Context-Name attribute whose value conflicts with the context ctx-name construct (or any of its aliases) in the command line, the binding fails. Authentication also fails if global authentication is configured and the Access-Response packet from the RADIUS server does not contain a Context-Name attribute.
Use the optional service-policy svc-policy-name construct to attach a service policy to the subscriber sessions from this peer. This construct allows you to limit the services to more than one context.
Changing the configuration of a peer (or peer group) with an established tunnel does not take effect until you delete all tunnels to the peer (using the clear tunnel command [in exec mode]), or until all the tunnels to the peer come down naturally. The configuration database is queried again to reestablish tunnels to the peer, thereby implementing the new configuration.
Use the no or default form of this command to specify the default method to authenticate subscriber sessions.
The following example shows how to specify that only PAP can be used to authenticate subscriber sessions:
[local]Redback(config-ctx)#l2tp-peer name peer1 [local]Redback(config-l2tp)#session-auth pap
session-dampening [half-life reuse suppress max-suppress-time]
no session-dampening
Enables a flapping peer to be temporarily suppressed for a configurable amount of time.
half-life |
Optional. Time, in minutes, after which a penalty is decreased. Once the session has been assigned a penalty, the penalty is decreased by half after the half-life period. The process of reducing the penalty occurs every 5 seconds. The range of values for the half-life period is 1 to 45; the default value is 15. |
reuse |
Optional. Value that determines whether a session is unsuppressed and can be reused. When a penalty for a flapping peer decreases to the point that it falls below this value, the session is unsuppressed and can be reused. Sessions are scanned for reuse every 5 seconds. The range of values is 1 to 20,000; the default value is 1,500. |
suppress |
Optional. Value that determines if a session is suppressed. A session is suppressed when its penalty exceeds this limit. The range of values is 1 to 20,000; the default value is 3,000. |
max-suppress-time |
Optional. Maximum time (in minutes) a session can be denied to open. The range of values is 1 to 255; the default value is four times the half-life argument. If the half-life value is allowed to default, the maximum-suppress value defaults to 60. |
Session dampening is disabled.
Use the session-dampening command to enables a flapping peer to be temporarily suppressed for a configurable amount of time.
This command is per peer and peer-group based. If the peer is member of a peer group, the command is inherited from the peer-group and can be customized in the peer configuration.
The main benefit of this feature is to avoid flapping peers from using system resources, and also to reduce routing churn induced by a flapping peer.
A message is logged when a session is dampened and undampened.
Use the no form of this command to disable session dampening.
The following example enables session dampening with a half life of 5 minutes, a reuse value of 1000, a suppress value of 4000, and a maximum suppress time of 10 minutes:
[local]Redback(config)#context local [local]Redback(config-ctx)#router bgp 100 [local]Redback(config-bgp)#peer-group pi internal [local]Redback(config-bgp-peer-group)#session-dampening 5 1000 4000 10
session-limit {agent-circuit-id | agent-remote-id} number
no session-limit agent-circuit-id | session-limit agent-remote-id
Sets a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID.
subscriber configuration
agent-circuit-id |
Specifies session-limiting behavior based on the agent circuit ID. |
agent-remote-id |
Specifies session-limiting behavior based on the agent remote ID. |
number |
Specifies the maximum number of sessions allowed; number is a value between 1 and 255. |
By default, the SmartEdge router does not enforce a session limit.
Use the session-limit command to set a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID.
The SmartEdge router typically acquires an agent circuit ID or agent remote ID for a subscriber during the discovery process with a digital subscriber line access multiplexer (DSLAM) or dot1q PVC configuration.
If a subscriber acquires an agent circuit ID and agent remote ID, the SmartEdge router checks for both session limits (if configured). If either check fails, the subscriber session fails.
A session limit is an attribute of a subscriber and exists within a local configuration. You can configure a session limit attribute within one of the following items:
If several subscribers share a DSL service, you must configure the session limit attribute consistently for each subscriber to enforce the configured limit properly. The SmartEdge router checks the session limit for each subscriber when it authenticates the subscriber.
Use the no form of this command to remove a previously configured session limit and revert to the default behavior.
To set a session limit by subscriber name, you enter a context and then enter each subscriber name and session limit attribute:
[local]Redback(config)#context isp2 [local]Redback(config-sub)#subscriber name alice [local]Redback(config-sub)#session-limit agent-remote-id 2 [local]Redback(config-sub)#subscriber name bob [local]Redback(config-sub)#session-limit agent-remote-id 2 [local]Redback(config-sub)#subscriber name connie [local]Redback(config-sub)#session-limit agent-remote-id 2
set as-path {prepend {asn... | nn:nn...} | tag}
no set as-path
Prepends an autonomous system (AS) path to Border Gateway Protocol (BGP) routes that pass the route map conditions.
route map configuration
prepend |
Increases the AS path by adding AS numbers (ASNs) to the AS path. |
asn |
ASN in integer format. The range of values is 1 to 65535. The subrange 64512 to 65535 is reserved for private autonomous systems. You can specify up to 16 ASNs. Each ASN must be separated by a space. |
nn:nn |
ASN in unsigned 4-byte nn:nn format, where the first nn represents the first 2 bytes of the ASN, and the second nn represents the second 2 bytes of the ASN. The range of values is 1 to 4294967295. You can specify up to 16 ASNs. Each ASN must be separated by a space. |
tag |
Sets the AS path to the value of the route tag. |
There are no preconfigured route map set actions. The AS path attribute for selected BGP routes is not modified.
Use the set as-path command to prepend an AS path to BGP routes that pass the route map conditions. The only global BGP metric available to influence the best path selection is the AS path length. By varying the length of the AS path, a BGP peer can influence the best path selection. Usually the local AS number is prepended multiple times, increasing the AS path length.
Use the no form of this command to disable the configured set action.
The following example prepends 11 to all the routes advertised to 10.1.1.1:
[local]Redback(config-ctx)#router bgp 11 [local]Redback(config-group)#neighbor 10.1.1.1 [local]Redback(config-peer)#route-map set-as-path out . . . [local]Redback(config-ctx)#route-map set-as-path [local]Redback(config-route-map)#match as-path 1 [local]Redback(config-route-map)#set as-path prepend 11 11
set class from-parameters to-attribute
no set class from-parameters to-attribute
Assign a class from a set of parameters to an attribute.
from-parameters |
Parameter containing the class you want to assign to an attribute. |
to-attribute |
Attribute to which you want to assign a class. |
A class is not assigned to an attribute.
Use the set class command to assign a class from a set of parameters to an attribute.
Use the no form of this command to remove an assigned class from an attribute.
The following example shows how to assign a class from a set of parameters called $redir_class to an attribute called HTTP-Redirect_Rule:
[local]Redback(config)# context local [local]Redback(config-ctx)# radius service profile WIMAX-HTTP-Redirect [local]Redback(config-service-profile)# set class $redir_class HTTP-Redirect-Rule redirect
set community {community-num [no-export] [local-as] [no-advertise] [additive] | none}
no set community
Sets the Border Gateway Protocol (BGP) community attribute for routes that pass the route map conditions.
route map configuration
community-num |
32-bit value expressed as either an unsigned decimal or in nn:nn format, where the first nn is the autonomous system number (ASN) and the second nn is a 2-byte number defined by the autonomous system. The range of unsigned decimal values is 1 to 4,294,967,295. The range of values for aa is 1 to 65,535. The range of values for either nn argument is 1 to 65,535. You can specify up to eight community numbers. Each entry must be separated by a space. |
no-export |
Optional. Does not advertise this route out of the local autonomous system (AS) confederation, or out of the local AS, if it is not part of a confederation. |
local-as |
Optional. Propagates this route only to peers in the local autonomous system. Does not send this route to external peers even if they are in the same confederation. |
no-advertise |
Optional. Does not advertise this route to any peer (internal or external). |
additive |
Optional. Adds the community to the existing communities. |
none |
Removes the community attribute from the prefixes that pass the route map conditions. |
There are no preconfigured route map set actions. The community attribute for selected BGP routes is not modified.
Use the set community command to set the BGP community attribute for routes that pass the route map conditions. A community is a group of destinations that share some common attributes. Each destination can belong to multiple communities.
Use the no form of this command to disable the configured set action.
The following example ensures that routes that pass the AS path 1 conditions have the community set to 9. Routes that pass the autonomous system path list 2 conditions have the community set to no-export (these routes are not advertised out of the local AS confederation, or out of the local AS, if it is not part of a confederation):
[local]Redback(config-ctx)#route-map set_community 10 permit [local]Redback(config-route-map)#match as-path 1 [local]Redback(config-route-map)#set community 9 . . . [local]Redback(config-ctx)#route-map set_community 20 permit [local]Redback(config-route-map)#match as-path 2 [local]Redback(config-route-map)#set community no-export
set community-listecl-namedelete
no set community-list
Deletes Border Gateway Protocol (BGP) communities matching the community list from the BGP community attribute for routes that pass the route map conditions.
route map configuration
ecl-name |
Name of the community list. |
delete |
Deletes communities that match the specified community list from the BGP community attribute. |
There are no preconfigured route map set actions. The community list for selected BGP routes is not modified.
Use the set community-list command to delete BGP communities matching the community list from the BGP community attribute for routes that pass the route map conditions.
Use the no form of this command to disable BGP community deletion.
The following example deletes communities in the community list, comm06:
[local]Redback(config-ctx)#route-map map04 [local]Redback(config-route-map)#match as-path-list aspath02 [local]Redback(config-route-map)#set community-list comm06 delete
set dampening half-life reuse-threshold suppress-threshold max-suppress
no set dampening
Sets the Border Gateway Protocol (BGP) dampening policy for routes that pass the route map conditions.
route map configuration
half-life |
Amount of time (in minutes) before a penalty is decreased by half. After a route is assigned a penalty, that penalty is decreased by half after each half-life period elapses. The range of values is 1 to 45 minutes. |
reuse-threshold |
Route is no longer suppressed when a route penalty level falls below this setting. The range of values is 1 to 20,000. |
suppress-threshold |
Route is suppressed when a route penalty level exceeds this setting. The range of values is 1 to 20,000. |
max-suppress |
Maximum amount of time (in minutes) a route can be suppressed. The range of values is 1 to 255. |
There are no preconfigured route map set actions. No route advertisement dampening is performed for selected routes.
Use the set dampening command to set the BGP dampening policy for routes that pass the route map conditions.
Use the no form of this command to disable the configured set action.
The following example sets the half life to 20 minutes, the reuse threshold to 800, the suppress threshold to 2500, and the maximum suppress time to 80 minutes:
[local]Redback(config-ctx)#route-map rmap_Q permit 10 [local]Redback(config-route-map)#match ip address prefix-list list1 [local]Redback(config-route-map)#set dampening 20 800 2500 80
set dscp dscp-value
no set dscp
Sets the Differentiated Services Code Point (DSCP) value for routes that pass the route map conditions.
route map configuration
dscp-value |
DSCP value. The range of values is 0 to 63. |
There are no preconfigured route map set actions. The DSCP value for selected routes are not modified.
Use the set dscp command to set the DSCP value for routes that pass route-map conditions.
Border Gateway Protocol (BGP) destination-based quality of service (QoS) supports setting the DSCP byte for IP traffic based on BGP attributes including community list and AS path. This can be used by a service provider (SP) to provide multiple levels of service based on a customers IP destination. BGP routes can be assigned a DSCP value based on the BGP table map, route map. When a packet is received on an interface with mark dscp destination enabled, and the packet is routed using a route with an associated DSCP, the packet’s DCSP is updated and the IP header checksum is recalculated.
Use the no form of this command to disable the configured set action.
The following example sets the DCSP value to 5 for routes passing IP access control list 23 conditions:
[local]Redback(config-ctx)#route-map map12 permit 10 [local]Redback(config-route-map)#match ip access-list 23 [local]Redback(config-route-map)#set dscp 5
set ext-community {ext-community-num [additive] | none}
no set ext-community
Sets the Border Gateway Protocol (BGP) extended community attribute for routes that pass the route map conditions.
route map configuration
ext-community-num |
Extended community number, which can be specified only when configuring an extended community list. It can be expressed in either of the following formats:
|
additive |
Optional. Adds the specified extended community numbers to the extended community. You can specify up to eight extended community numbers. Each entry must be separated by a space. |
none |
Removes the extended community attribute from the routes that pass the route map conditions. |
There are no preconfigured route map set actions. The extended community attribute for selected BGP routes is not modified.
Use the set ext-community command to set the BGP extended community attribute for routes that pass the route map conditions.
An extended community is a group of destinations that share some common attributes. Each destination can belong to multiple extended communities. Up to eight extended communities can be specified. If the additive keyword is used, extended communities are added to the existing BGP extended community list; however, unlike AS path attributes, extended community attributes do not include duplicate entries.
Use the no form of this command to disable the configured set action.
The following example ensures that routes that pass the autonomous system (AS) path list 1 conditions have their extended community attribute set to rt:10.10.10.1:15:
[local]Redback(config-ctx)#route-map set_ext_community 10 permit [local]Redback(config-route-map)#match as-path 1 [local]Redback(config-route-map)#set ext-community rt:10.10.10.1:15
The following example ensures that routes that pass the AS path list 2 conditions have their extended community attribute removed:
[local]Redback(config-ctx)#route-map set_ext_community 20 permit [local]Redback(config-route-map)#match as-path 2 [local]Redback(config-route-map)#set ext-community none
set ip aggregate prefix-list-name
no set ip aggregate
Specifies that IPv4 routes that are selected for redistribution and match the specified IPv4 prefix are summarized (rather than individually redistributed).
route map configuration
prefix-list-name |
Identifies an IPv4 prefix list. |
There are no preconfigured route map set actions.
Use the set ip aggregate command to specify that IPv4 routes that are selected for redistribution and match the specified IPv4 prefix are summarized (rather than individually redistributed). Only the prefix and prefix length from the prefix list entries are summarized; for routes containing the prefix and prefix length, only the aggregate is redistributed, rather than the route itself.
For each summarized prefix, a reject route (a route with a NULL0 next-hop) is added to the RIB. The default administrative distance for this reject route is 254.
Use the no form of this command to disable the configured set action.
The following example specifies that IPv4 routes that are selected for redistribution and match the specified IPv4 prefix are summarized:
[local]Redback(config-ctx)#route-map rmap_Q permit 10 [local]Redback(config-route-map)#match ip address prefix-list pl1 [local]Redback(config-route-map)#set ip aggregate test-list
set ipv6 aggregate prefix-list-name
no set ipv6 aggregate
Specifies that IPv6 routes that are selected for redistribution and match the specified IPv6 prefix are summarized (rather than individually redistributed).
route map configuration
prefix-list-name |
Identifies an IPv6 prefix list. |
There are no preconfigured route map set actions.
Use the set ipv6 aggregate command to specify that IPv6 routes that are selected for redistribution and match the specified IPv6 prefix are summarized (rather than individually redistributed). Only the prefix and prefix length from the prefix list entries are summarized; for routes containing the prefix and prefix length, only the aggregate is redistributed, rather than the route itself.
For each summarized prefix, a reject route (a route with a NULL0 next-hop) is added to the RIB. The default administrative distance for this reject route is 254.
Use the no form of this command to disable the configured set action.
The following example specifies that IPv6 routes that are selected for redistribution and match the specified IPv6 prefix are summarized (rather than individually redistributed):
[local]Redback(config-ctx)#route-map rmap_Q permit 10 [local]Redback(config-route-map)#match ipv6 address prefix-list pl1 [local]Redback(config-route-map)#set ipv6 aggregate ipv6-list
set ip next-hop {ip-addr | peer-address}
no set ip next-hop
Determines the next-hop IP address used to forward packets for routes that pass the route map conditions.
route map configuration
ip-addr |
Next-hop IP address in the form A.B.C.D. |
peer-address |
Sets the next-hop IP address to a Border Gateway Protocol (BGP) peer address. For an inbound route map, the system uses the IP address of the BGP neighbor’s peer. For an outbound route map, the system uses the IP address of the local BGP peer. |
There are no preconfigured route map set actions. The next hops of selected routes are not modified.
Use the set ip next-hop command to determine the next-hop IP address used to forward packets for routes that pass the route map conditions. If the peer-address keyword is applied to an inbound route map, the next hop of received matching routes is set to the IP address of the BGP neighbor’s peer, overriding any third-party next hops. If the peer-address keyword is applied to an outbound route map, the next hop of the advertised matching routes is set to the IP address of the local BGP speaker, thus disabling the next-hop calculation.
Use the no form of this command to disable the configured set action.
The following example sets the next hop for routes passing IP access list 1 to the BGP neighbor’s peer IP address:
[local]Redback(config-ctx)#route-map rmap_Q permit 10 [local]Redback(config-route-map)#match ip access-list 1 [local]Redback(config-route-map)#set ip next-hop peer-address
set ipv6 next-hop {ipv6-addr | peer-address}
no set ipv6 next-hop
Determines the next-hop IP Version 6 (IPv6) address used to forward packets for routes that pass the route map conditions.
route map configuration
ipv6-addr |
Next-hop IPv6 address in the form A:B:C:D:E:F:G. |
peer-address |
Sets the next-hop IPv6 address to a Border Gateway Protocol (BGP) peer address. For an inbound route map, the system uses the IPv6 address of the BGP neighbor’s peer. For an outbound route map, the system uses the IPv6 address of the local BGP peer. |
There are no preconfigured route map set actions. The next hops of selected routes are not modified.
Use the set ipv6 next-hop command to determine the next-hop IPv6 address used to forward packets for routes that pass the route map conditions. If you apply the peer-address keyword to an inbound route map, the next hop of received matching routes is set to the IPv6 address of the BGP neighbor’s peer, overriding any third-party next hops. If you apply the peer-address keyword to an outbound route map, the next hop of the advertised matching routes is set to the IPv6 address of the local BGP speaker, thus disabling the next-hop calculation.
Use the no form of this command to disable the configured set action.
The following example sets the next hop for routes passing IPv6 access list 1 to the BGP neighbor’s peer IPv6 address:
[local]Redback(config-ctx)#route-map rmap_Q permit 10 [local]Redback(config-route-map)#match ip access-list 1 [local]Redback(config-route-map)#set ipv6 next-hop peer-address
set label
no set label
Sets the Multiprotocol Label Switching (MPLS) label for routes that pass the route map conditions.
route map configuration
This command has no keywords or arguments.
There are no predefined route map set actions. The label for the route is unmodified.
Use the set label command to set the MPLS label for routes that pass the route map conditions.
Use the no form of this command to remove the MPLS label setting.
The following example sets the MPLS label for routes that pass the conditions specified by the route map, foo:
[local]Redback(config-ctx)#route-map foo [local]Redback(config-route-map)#set label [local]Redback(config-route-map)#
set level {level-1 | level-1-2 | level-2 | nssa-areas | transit-areas}
no set level
For routes that pass the route map conditions, sets the advertisement scope for routes redistributed into Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) routing domains.
route map configuration
level-1 |
Redistributes routes into IS-IS level 1 areas. Routes are not advertised in IS-IS level 2 areas. |
level-1-2 |
Redistributes routes into IS-IS level 1 and level 2 areas. |
level-2 |
Redistributes routes into IS-IS level 2 areas. Routes are not advertised in IS-IS level 1 areas. |
nssa-areas |
Redistributes routes into OSPF not-so-stubby-areas (NSSAs). Routes are not advertised in OSPF transit areas. |
transit-areas |
Redistributes routes into OSPF transit areas. Routes are not advertised in OSPF NSSAs. |
There are no preconfigured route map set actions. For OSPF, routes are advertised into both regular and transit areas. For IS-IS, routes are advertised into both level 1 and level 2 areas.
Use the set level command to set the advertisement scope for routes redistributed into OSPF and IS-IS routing domains.
Use this command in conjunction with the route-map command in context configuration mode, with the redistribute command in OSPF router configuration mode, and with the redistribute command in IS-IS configuration mode.
When a redistributed route is advertised into an OSPF transit area, it is advertised as a type 5 link-state advertisement (LSA). When a redistributed route is advertised into an OSPF NSSA, it is advertised as a type 7 LSA. When the nssa-area keyword is specified for a router that is part of an NSSA, but is not an area border router (ABR), the corresponding routes are advertised as type 7 LSAs without the P (propagate) bit set. The propagate bit is described in RFC 1587, The OSPF NSSA Option.
Use the no form of this command to return the system to its default behavior.
The following example limits the redistribution of static routes into OSPF transit areas:
[local]Redback(config-ctx)#route-map no-nssa-areas permit 10 [local]Redback(config-route-map)#set level transit-areas [local]Redback(config-route-map)#exit [local]Redback(config-ctx)#router ospf 1 [local]Redback(config-ospf)#redistribute static route-map no-nssa-areas
set local-preference local-pref
no set local-preference
Sets the degree of preference for the Border Gateway Protocol (BGP) autonomous system (AS) path for routes that pass the route map conditions.
route map configuration
local-pref |
Integer. The range of values is 0 to 4,294,967,295; the default value is 100. |
There are no preconfigured route map set actions. The preference value is for BGP routes is 100.
Use the set local-preference command to set the degree of preference for the BGP AS path for routes that pass the route map conditions. The preference is sent only to routers in the local autonomous system. A route with a high value is preferred over a route with a lower value.
Use the no form of this command to disable the configured set action.
The following example sets the local preference for all routes included in route access list 1 to 50:
[local]Redback(config-ctx)#route-map rmap_P [local]Redback(config-route-map)#match route-access-list 1 [local]Redback(config-route-map)#set local-preference 50
set metric [+ | -] metric
no set metric
Sets, increments, or decrements the metric value for the destination routing protocol for routes that pass the route map conditions.
route map configuration
+ |
Optional. Adds the specified metric value. |
- |
Optional. Subtracts the specified metric value. |
metric |
Metric value. The range of values is 0 to 4,294,967,295. |
There are no preconfigured route map set actions. The metric for selected routes is not modified. The metric value is determined by the application and routing protocol.
Use the set metric command to set, increment, or decrement the metric value for the destination routing protocol for routes that pass the route map conditions.
Use the no form of this command to disable the configured metric value.
The following example sets the metric value for the routing protocol to 50:
[local]Redback(config-ctx)#route-map rmap_M [local]Redback(config-route-map)#set metric 50
The following example adds 11 to the metric value for the routing protocol:
[local]Redback(config-ctx)#route-map add_metric permit 20 [local]Redback(config-route-map)#set metric +11
set metric-type {external | internal | type-1 | type-2}
no set metric-type
Sets the metric type for the destination routing protocol for routes that pass the route map conditions.
route map configuration
external |
Specifies the Intermediate System-to-Intermediate System (IS-IS) external metric. |
internal |
Specifies the Internal Gateway Protocol (IGP) as the Multi-Exit Discriminator (MED) for Border Gateway Protocol (BGP). |
type-1 |
Specifies the Open Shortest Path First (OSPF) external Type 1 metric. |
type-2 |
Specifies OSPF external Type 2 metric. |
There are no preconfigured route map set actions. The metric type for selected routes is not modified. For routes redistributed into OSPF, the default metric is Type 2.
Use the set metric-type command to set the metric type for the destination routing protocol for routes that pass the route map conditions.
Use the no form of this command to disable the configured set action.
The following example sets the metric type to external:
[local]Redback(config-ctx)#route-map rmap_M [local]Redback(config-route-map)#set metric-type external
set origin {egp | igp | incomplete}
no set origin
Sets the origin of the Border Gateway Protocol (BGP) path for routes that pass the route map conditions.
route map configuration
egp |
Indicates that the path information originated from another autonomous system (AS). |
igp |
Sets the origin to the local Interior Gateway Protocol (IGP). |
incomplete |
Indicates that the origin is unknown. |
There are no preconfigured route map set actions. The origin for selected BGP routes is not modified. The origin is determined by the route type.
Use the set origin command to set the BGP origin path for routes that pass the route map conditions.
Use the no form of this command to disable the configured set action.
The following example sets the origin of routes that pass the route map conditions to IGP:
[local]Redback(config-ctx)#route-map rmap_H [local]Redback(config-route-map)#match route-access-list 10 [local]Redback(config-route-map)#set origin igp
set-overload-bit [on-startup [interval] | bgp-converge-delay [interval] | strict-bgp-tracking]
no set-overload-bit
Sets the overload bit so that other devices do not use the SmartEdge router to forward traffic.
IS-IS router configuration
on-startup |
Optional. Sets the overload bit on startup, and continues until the timer expires. |
interval |
Optional. Timer interval in seconds. The range of values is 10 to 3,600 seconds; the default value is 210 seconds. |
bgp-converge-delay |
Optional. Sets the overload bit on startup, and continues until timer expires or the Border Gateway Protocol (BGP) converges. The overload bit is removed as soon as BGP converges. |
strict-bgp-tracking |
Optional. Sets the overload bit until BGP converges. If BGP is not converged or not running, the overload bit remains set. There is no time out for the overload bit as long as BGP is not converged. |
The overload bit is not set.
Use the set-overload-bit command to set the overload bit so that other devices do not use the SmartEdge router to forward traffic. The other routers in the domain can still forward traffic to IP networks directly connected to this router.
The overload bit is designed by the Intermediate System-to-Intermediate System (IS-IS) protocol to indicate a router overload condition, such as memory shortage; however, this overload bit can be manually set or dynamically set for other network conditions. For example, when a router resides in a web server location, it may only want to attract traffic destined to the web servers, and not attract general traffic headed to other routers. When BGP is running on the router, and if it is not fully converged, the router may not have all the routing information for transit traffic.
Use the set-overload-bit command without any option to indefinitely set the overload bit. This is suitable for the web server location example above.
Use the on-startup keyword if BGP is not configured on the router, or if BGP convergence is not an issue. When the router starts, IS-IS temporarily sets the overload bit to allow the router to reach full functionality with complete routing information on the router.
Use the bgp-converge-delay keyword if BGP is not fully converged, and you want to use the IS-IS overload bit feature to delay other routers from sending transit traffic through the router until BGP converges. If the BGP converge delay time expires, the overload bit is removed, even if BGP has not converged; therefore, you should adjust the BGP converge delay time so that it is appropriate to your network size and the amount information in the BGP routing table.
Use the strict-bgp-tracking keyword if BGP is not fully converged, and you want to use the overload bit feature to stop other routers from sending transit traffic through the router to until BGP converges. The overload bit is removed only when full BGP convergence is reached.
Use the no form of this command to remove the overload bit.
The following example enables ISIS to use the overload bit to delay transit traffic for 60 seconds:
[local]Redback(config-ctx)#router isis test [local]Redback(config-isis)#set-overload-bit bgp-converge-delay 60
set tag tag
no set tag
Sets the route tag value for routes that pass the route map conditions.
route map configuration
tag |
Route tag value. An unsigned 32-bit integer, the range of values is 1 to 4,294,967,295; the default value is 0. |
There are no preconfigured route map set actions. The route tag for selected routes is not modified.
Use the set tag command to set the route tag value for routes that pass the route map conditions.
Use the no form of this command to remove the route tag setting.
The following example sets the route tag to 8 for routes that pass the route map conditions:
[local]Redback(config-ctx)#route-map map_F [local]Redback(config-route-map)#set tag 8
set traffic-index value
no set traffic-index
Sets the traffic index value for routes that pass the route map conditions.
route map configuration
value |
Traffic index number. The range of values is 1 to 8. |
There are no preconfigured route map set actions. The traffic-index for selected routes is not modified.
Use the set traffic-index command to set the traffic index value for routes that pass the route map conditions.
Per index counters for interfaces with Border Gateway Protocol (BGP) attribute-based accounting enabled are maintained for BGP routes assigned a traffic index. The byte and packet counters for a traffic index are incremented based on the route traversed by IP traffic received on the ingress interface. For more information, see the traffic-index-accounting command, and the table-map command in the Command List.
Use the no form of this command to remove the traffic index setting.
The following example sets the traffic index to 3 for routes that pass the route map conditions:
[local]Redback(config-ctx)#route-map bgp-accounting permit 10 [local]Redback(config-route-map)#set traffic-index 3
set weight weight
no set weight
Sets the degree of preference for Border Gateway Protocol (BGP) routes that pass the route map conditions.
route map configuration
weight |
Weight value of a specified BGP route. The range of values is 0 to 65,535. |
There are no preconfigured route map set actions. The weight for selected BGP routes is not modified.
Use the set weight command to set the degree of preference for BGP routes that pass the route map conditions. A route with a high value is preferred over a route with a lower value.
Use the no form of this command to disable the configured set action.
The following example sets the BGP weight to 50 for routes that are permitted by route access list 10:
[local]Redback(config-ctx)#route-map rmap_G [local]Redback(config-route-map)#match route-access-list 10 [local]Redback(config-route-map)#set weight 50
sham-link src-addr dest-addr
no sham-link src-addr dest-addr
Creates an Open Shortest Path First (OSPF) adjacency tunneled over a Virtual Private Network (VPN) backbone and enters OSPF sham link configuration mode.
OSPF area configuration
src-addr |
Source IP address used as the local endpoint for the sham link. It must be the address of a local loopback interface. |
dest-addr |
Destination IP address used as the remote endpoint for the sham link. |
No OSPF sham links are configured.
Use the sham-link command to create an OSPF adjacency tunneled (sham link) over a VPN backbone and enters OSPF sham link configuration mode. Sham links allow the VPN backbone path to be preferred when there are intra-area backdoor links between customer edge (CE) routers in the VPN.
The local connected route corresponding to the source IP address for the sham link must be redistributed into Border Gateway Protocol (BGP) and advertised over the VPN infrastructure to a provider edge (PE) router containing the other end of the sham link.
The route corresponding the remote end of the sham link must be redistributed into the corresponding OSPF instance in the VPN context. VPN routing must be enabled for the OSPF instance.
The cost of the sham link can be configured or will inherit the BGP Multi-Exit Discriminator (MED) from the VPN route.
Use the no form of this command to remove the sham link.
For more information on sham links, see the Internet Draft, OSPF as the PE/CE Protocol in BGP/MPLS VPNs, draft-rosen-vpns-ospf-bgp-mpls-04.txt.
The following example configures a sham link with cost 10 in area 0 for the OSPF instance within the VPN context:
[local]Redback(config-ospf)#vpn domain-id 1.1.1.1 domain-tag 0xfeedacee [local]Redback(config-ospf)#area 0.0.0.0 [local]Redback(config-ospf-area)#sham-link 1.1.1.1 2.2.2.2 [local]Redback(config-ospf-sham-link)#cost 10 [local]Redback(config-ospf-sham-link)#exit [local]Redback(config-ospf)#redistribute bgp 1000
shaping {cbr rate rate cdvt cdvt | ubr [pcr pcr | weight weight] | ubre mcr mcr pcr pcr bt bt | vbr-nrt pcr pcr cdvt cdvt scr scr bt bt | vbr-rt pcr pcr cdvt cdvt scr scr bt bt}
default shaping
Specifies the corresponding traffic class to use for any Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) or shaped virtual path (VP) that references this profile.
ATM profile configuration
cbr |
Specifies traffic class based on a constant bit rate (CBR). |
rate rate |
Traffic bit rate in kbps. The range of values is 64 to 599,040. |
cdvt cdvt |
Cell delay variation tolerance (CDVT), defined as the maximum cell delay (in microseconds) between the expected arrival time and the actual arrival time. It controls how much cell clustering is allowed. The range of values is 1 to 10,000. |
ubr |
Configures traffic class based on an unspecified bit rate (UBR). |
pcr pcr |
Optional. Peak cell rate (PCR); the upper limit on traffic (in kbps), that can be applied to an ATM connection. The range of values is 65 to 599,040, but it must be greater than the value specified for MCR, if specified. Optional for the UBR traffic class; required for the UBRe traffic class. |
weight weight |
Optional. Weight, in number of ATM cells, to assign to any shaped VP or PVC; applicable only to VPs and PVCs on ATM DS-3 and second-generation ATM OC traffic cards (in VC fairness mode). This option is ignore otherwise. The range of values is 1 to 32,000 cells; the default value is 4 cells. |
ubre |
Configures traffic class based on an unspecified bit rate extended (UBRe) that guarantees the specified MCR and allows bursts up to the specified PCR. |
mcr mcr |
Minimum cell rate (MCR); specifies lower limit on traffic (in kbps), that can be applied to an ATM connection. The range of values is 64 to 599,039, but it must be less than the value specified for PCR. |
bt bt |
Burst tolerance (BT); specifies the number of microseconds that traffic can be transmitted at the peak cell rate. The range of values is 1 to 10,000. |
vbr-nrt |
Configures traffic class based on variable bit rate-nonrealtime (VBR-nrt). |
scr scr |
Sustained cell rate (SCR); specifies the rate (in kbps) that should be maintained during transmission of cells across a particular ATM connection. The range of values is 64 to 599,040. |
vbr-rt |
Configures traffic class based on variable bit rate-realtime (VBR-rt). |
Shaping is UBR with the maximum line rate.
Use the shaping command to specify the corresponding traffic class to use for any ATM PVC or VP that references this profile. The following traffic classes are supported:
You can optionally allow bursts of traffic up to a specified peak cell rate (PCR); PCR is the maximum rate at which traffic can be sent, measured in kbps. If PCR is not specified, the default value is the line rate.
Successive shaping commands replace the previous shaping configuration for the profile.
Performance restrictions include:
The aggregated transmit rates for all ATM PVCs on a port must be less than its usable bandwidth or its oversubscribed bandwidth, whichever is larger. You can oversubscribe the bandwidth of an ATM port using the over-subscription-rate command (in ATM OC or ATM DS-3 configuration mode).
Use the default form of this command to specify the default shaping.
The following example shows how to specify the vbr-nrt traffic class for an ATM profile with a PCR of 2500 kbps; a CDVT of 20 ms; an SCR of 2400 kbps; and a BT of 10 ms:
[local]Redback(config)#atm profile low_rate [local]Redback(config-atm-profile)#shaping vbr-nrt pcr 2500 cdvt 20 scr 2400 bt 10
shaping-profile atm-prof-name
no shaping-profile
Assigns an Asynchronous Transfer Mode (ATM) profile to the subscriber record or profile.
atm-prof-name |
Name of an existing ATM profile. |
A subscriber session that is initiated on an ATM permanent virtual circuit (PVC) is governed by the ATM profile assigned to the PVC.
Use the shaping-profile command to assign an ATM profile to the subscriber record or profile.
Use the no form of this command to remove the ATM profile from the subscriber record or profile; a subscriber session initiated on an ATM PVC will be governed by the ATM profile assigned to that ATM PVC.
The following example assigns the ATM profile, ubr, to the named subscriber profile, isp2:
[local]Redback(config-ctx)#subscriber profile isp2 [local]Redback(config-sub)#shaping-profile ubr
show aaa route-download
Displays configuration and operational status for route downloads.
exec
None
The following information is displayed when you run the show aaa route-download command:
[local]Redback>show aaa route-download Method : radius Download interval : 4200 secs Synchronization time : <NOT SET> Default cost : 0 Username prefix : PE1 Password : redback Status : idle Last download attempt : Tue Jun 15 23:28:39 2010 Last successful download : Tue Jun 15 23:28:45 2010 Next scheduled download : Wed Jun 16 00:11:27 2010
show aaa route-download statistics
Displays statistics related to route downloads.
exec
None
The following information is displayed when you run the show aaa route-download statistics command:
[local]Redback>show aaa route-download statistics
Total download attempts : 1 Total manual download attempts : 1 Total route reload attempts : 0 Total route clear attempts : 0 Successful downloads : 1 Failed downloads : 0 Cancelled downloads : 0 In progress downloads : 0 Total downloaded fragments : 1334 Total downloaded routes : 40020 Total modified routes : 0 Error statistics ================ Timeout : 0 Bad packet : 0 Config error : 0 Invalid context : 0 Unclassified : 0
For “global” method, only the following statistics are applicable; others are not applicable:
Total route reload attempts Total route clear attempts Total modified routes
show aaa route subscriber aggregate
Displays all the routes present in the AAA daemon. It does not display transient downloaded routes.
exec
None
The following information is displayed when you run the show aaa route subscriber aggregate command:
[local]Redback#show aaa route subscriber aggregate 10.1.1.0/24 null0 0 11.1.1.0/24 null0 1 12.1.1.0/24 null0 2 13.1.1.0/24 null0 3 14.1.1.0/24 null0 4 15.1.1.0/24 null0 5 16.1.1.0/24 null0 6 17.1.1.0/24 null0 7 18.1.1.0/24 null0 8 19.1.1.0/24 null0 9 20.1.1.0/24 null0 20 21.1.1.0/24 null0 1 22.1.1.0/24 null0 67 23.1.1.0/24 null0 121 255.255.255.255/32 null0 20
To display IPv4 access control list (ACL) information for one or more circuits, the syntax is:
show access-group {circuit-filter | l2tp l2tp-lns-id | mp mp-id} [detail]
show access-group {circuit-filter | mp mp-id} [detail]
To display policy ACL information for one or more circuits to which a forward policy or quality of service (QoS) policy is attached, the syntax is:
show access-group {forward | qos} {circuit-filter | l2tp l2tp-lns-id | mp mp-id} {in | out} [all | conditions | counters | detail]
To display policy ACL information for one or more circuits to which a Network Address Translation (NAT) policy is attached, the syntax is:
show access-group nat {circuit-filter | l2tp l2tp-lns-id | mp mp-id | interface if-name} {in | out} [all | conditions | counters | detail]
To display information about IPv4 ACLs applied to one or more reverse-path-forwarding (RPF)-enabled interfaces, the syntax is:
show access-group rpf [interface if-name in [all | counters | detail]]
To display information about administrative IPv4 ACLs that are applied to the current context, or about IPv4 ACLs or IP ACL access groups that are applied to specified ports, channels, circuits, or interfaces, the syntax is:
show access-group ip-filter {admin | bvi {bvi-name | bvi-id} | interface if-name | l2tp l2tp-lns-id | l2vpn [l2vpn-prof-id] | mip-fa mip-fa-id | mip-ha mip-ha-id | mp mp-id | slot/port:ch:sub} {in | out} [all | conditions | counters | detail | log]
To display information about administrative IPv6 ACLs and IPv6 admin access groups that are applied to the current context, or about IPv6 access groups that are applied to specified interfaces, the syntax is:
show access-group ipv6 filter {admin in [all | counters | detail] | interface if-name {in | out} [all | conditions | counters | detail}
To display information about IP ACLs that are applied to subscriber profiles or records, the syntax is:
show access-group subscriber sub-name@ctx-name [detail]
Displays information about configured administrative, IP, and policy ACLs and the entities to which they are applied.
all modes
all |
Optional. Displays all ACL information. In an ACL group, the information for the first ACL entry is more detailed than the subsequent entries. |
bvi {bvi-id | bvi-name} |
Optional. Displays information about ACLs on BVI circuits. Not supported with IPv6 ACL groups. |
circuit-filter |
Optional. Circuit filter, which is defined as follows. See Table 25: [slot[/port[:chan-num[:sub-chan-num]]] circuit-id] |
conditions |
Optional. Displays ACL conditions. Not supported for admin access groups. |
counters |
Optional. Displays ACL per-rule counters if counters are enabled in the access-list or access-group configuration. |
detail |
Optional. Displays detailed information, as listed in Table 20. Using the detail keyword allows you to check that rules exist for each ACL. |
forward |
Specifies policy ACLs applied to forward policies. |
in |
Displays ACL information for incoming traffic. For IP ACL access groups, ACLs appear in the same order that they appear in the access group. |
interface if-name |
Specifies the name of the interface for which information is to be displayed. |
ip-filter ipv6 filter |
Specifies the administrative ACLs applied to the current context or the IP ACLs applied to the specified interfaces. |
l2tp l2tp-lns-id |
Optional. Specifies the Layer 2 Tunneling Protocol (L2TP) network server (LNS) circuit identifier. Limits the information displayed to ACLs for the LNS circuit. |
l2vpn profile-name |
Optional. L2TP virtual private network (VPN) profile identifier. Limits information displayed to ACLs for the specified L2VPN. |
sub-name@ctx-name |
Subscriber name, followed by the @ symbol, followed by the context name. |
mp mp-id |
Optional. Merge point (MP) circuit identifier. Limits the output to the specified MP circuit. |
nat |
Specifies the policy ACLs applied to Network Address Translation (NAT) policies. |
out |
Displays ACL information for outgoing traffic. Not available for RPF-enabled interfaces or for administrative ACLs. |
qos |
Specifies policy ACLs applied to quality of service (QoS) policies. |
rpf |
Specifies IP ACLs applied to an RPF-enabled interfaces. |
log |
Optional. Displays ACL deny log entries. Applicable for administrative ACLs only. Not supported for IPv6 access-groups or IPv6 admin access-groups. |
None
Use the show access-group command to display information about configured administrative, IP, and policy ACLs and the entities to which they are applied. Entities include one or more circuits, a forward, NAT, or QoS policy, or an interface, or a subscriber. This command displays information for both static and dynamic IP, policy ACLs, and configured access groups.
The value for the port argument on the SmartEdge 100 router is one of the following:
Table 18 lists the range of values for the chan-num and sub-chan-num arguments for various types of channelized ports on the SmartEdge 400 and the SmartEdge 800 routers.
Port |
Channel Types |
chan-num Range |
sub-chan-num Range |
---|---|---|---|
Channelized OC-12 |
DS-3, DS-1 |
1 to 12 |
1 to 28 |
Channelized STM-1 |
E1, DS-0 channel group |
1 to 63 |
1 to 31 |
Channelized DS-3 |
DS-1 |
1 to 28 |
– |
Channelized E1 |
DS-0 channel group |
1 to 31 |
– |
Table 19 describes the fields displayed if you do not specify the detail keyword.
Field |
Description |
---|---|
Circuit |
Traffic card slot number, port number, and circuit identifier to which the ACL is applied. |
ACL Name |
ACL name. Up to ten names may exist. |
Type |
Policy ACL (forward, NAT, or QoS), IP ACL (regular, administrative, or RPF), or RADIUS guided (filter). |
Interface Name |
Name of the interface to which the ACL is applied. |
Dir |
Direction of traffic on the interface to which the ACL is applied. |
Info |
Flags:
|
Rules |
Number of rules or conditions configured in the ACL. For an IP ACL group, any ACL that shows zero (0) rules is not configured and is not active. |
Table 20 describes the fields displayed if you specify the detail keyword.
Field |
Description |
---|---|
ACL type |
Policy ACL (forward, NAT, or QoS), IP ACL (regular, administrative, or RPF), or RADIUS guided (filter). |
ACL context |
Context in which the ACL is created. |
Circuit |
Traffic card slot number, port number, and circuit identifier to which the ACL is applied. When an IP ACL has been applied to a layer 2 circuit through the ip access-group command, the circuit identifier field name is “Circuit [L2].” In all other cases, the circuit identifier field name is simply “Circuit.” |
Interface |
Interface identifier to which the ACL is applied. |
Direction |
Direction of traffic on the interface to which the ACL is applied. |
ACL status |
The following entries indicate the ACL status:
|
Count |
Counter statistics on the number of hits per ACL rules:
|
Log |
|
IP Replacement |
Replacement IP address in a dynamic IP or policy ACL rule. This field is displayed only if an ACL template is applied to the subscriber traffic. |
For dynamic policy ACLs that use vendor-specific attribute (VSA) 164 (Dynamic-Policy-Filter) provided by Ericsson AB, the system displays the Differentiated Services Code Point (DSCP) or type of service (ToS) setting in the rules, depending on the rule specified in the VSA 164 instance.
The system displays the DSCP option as “dscp” and the keyword for the DSCP setting in the rule, if one exists. Table 21 lists the DSCP keywords and their hexadecimal value substitutions; otherwise, a numeric value is displayed in decimal.
Displayed Keyword |
Hex Value |
Definition |
---|---|---|
af11 |
0x0a |
Assured Forwarding—Class 1/Drop Precedence 1 |
af12 |
0x0c |
Assured Forwarding—Class 1/Drop Precedence 2 |
af13 |
0x0e |
Assured Forwarding—Class 1/Drop Precedence 3 |
af21 |
0x12 |
Assured Forwarding—Class 2/Drop Precedence 1 |
af22 |
0x14 |
Assured Forwarding—Class 2/Drop Precedence 2 |
af23 |
0x16 |
Assured Forwarding—Class 2/Drop Precedence 3 |
af31 |
0x1a |
Assured Forwarding—Class 3/Drop Precedence 1 |
af32 |
0x1c |
Assured Forwarding—Class 3/Drop Precedence 2 |
af33 |
0x1e |
Assured Forwarding—Class 3/Drop Precedence 3 |
af41 |
0x22 |
Assured Forwarding—Class 4/Drop Precedence 1 |
af42 |
0x24 |
Assured Forwarding—Class 4/Drop Precedence 2 |
af43 |
0x26 |
Assured Forwarding—Class 4/Drop Precedence 3 |
cs0 |
0x00 |
Class Selector 0 |
cs1 |
0x08 |
Class Selector 1 |
cs2 |
0x10 |
Class Selector 2 |
cs3 |
0x18 |
Class Selector 3 |
cs4 |
0x20 |
Class Selector 4 |
cs5 |
0x28 |
Class Selector 5 |
cs6 |
0x30 |
Class Selector 6 |
cs7 |
0x38 |
Class Selector 7 |
ef |
0x2e |
Expedited Forwarding |
Nondisplayed Keywords |
Hex Value |
Definition |
df |
0x00 |
Default Forwarding (Alternative to cs0) |
prec1 |
0x08 |
Precedence Selector 1 (Alternative to cs1) |
prec2 |
0x10 |
Precedence Selector 2 (Alternative to cs2) |
prec3 |
0x18 |
Precedence Selector 3 (Alternative to cs3) |
prec4 |
0x20 |
Precedence Selector 4 (Alternative to cs4) |
prec5 |
0x28 |
Precedence Selector 5 (Alternative to cs5) |
prec6 |
0x30 |
Precedence Selector 6 (Alternative to cs6) |
prec7 |
0x38 |
Precedence Selector 7 (Alternative to cs7) |
For the ToS option, the system displays “tos”, the ToS group identifier, and the value. See Table 22 for a list of ToS group identifiers.
ToS Group |
Bit Range |
Decimal Value |
Hex Value |
---|---|---|---|
Flags |
1 to 4 |
30 |
0x1E |
Precedence |
5 to 7 |
224 |
0xE0 |
Combined |
1 to 7 |
254 |
0xFE |
DSCP |
2 to 7 |
252 |
0xFC |
Table 23 lists the identifiers that are displayed for the ToS values.
Displayed Identifier |
ToS Value |
ToS Description |
---|---|---|
max-reliability |
2 |
Maximum Reliable ToS |
max-throughput |
4 |
Maximum Throughput ToS |
min-delay |
8 |
Minimum Delay ToS |
min-monetary-cost |
1 |
Minimum Monetary Cost ToS |
normal |
0 |
Normal ToS |
Table 24 lists the identifiers that are displayed for the ToS precedence values.
Displayed Identifier |
Precedence Value |
Precedence Description |
---|---|---|
critical |
5 |
Critical precedence |
flash |
3 |
Flash precedence |
flash-override |
4 |
Flash override precedence |
immediate |
2 |
Immediate precedence |
internet |
6 |
Internetwork control precedence |
network |
7 |
Network control precedence |
priority |
1 |
Priority precedence |
routine |
0 |
Routine precedence |
slot |
Optional. Chassis slot number for a particular traffic card. If omitted, displays information about all circuits in the system. |
port |
Optional. Port number on the specified traffic card. If omitted, displays information about all circuits on the ports of the specified traffic card. |
chan-num |
Optional. Channel number for which circuits are displayed. If omitted, displays information for all channels on the specified port. The range of values depends on the type of port; see Table 18 for the range of values. |
sub-chan-num |
Optional. Subchannel number for which circuits are displayed. If omitted, displays information for all subchannels in the specified channel. The range of values depends on the type of port; see Table 18 for the range of values. |
circuit-id |
Optional. Circuit identifier, which is defined as: {clips clips-id | dlci dlci | pppoe session-id | vlan vlan-id | vpi-vci vpi vci} If omitted, displays information for all circuits on the specified traffic card, port, or channel. |
clips clips-id |
Clientless IP service selection (CLIPS) circuit on a port, channel, 802.1Q PVC, or ATM PVC. The range of values is 1 to 262,144. If the CLIPS circuit is on an 802.1Q or ATM PVC, you specify this construct in addition to the circuit identifier for the 802.1Q or ATM PVC. |
dlci dlci |
Data-link connection identifier (DLCI) for the Frame Relay permanent virtual circuit (PVC). The range of values is 16 to 991. |
pppoe session-id |
Point-to-Point Protocol over Ethernet (PPPoE) session identifier. The range of values is 1 to 65,535. |
vlan vlan-id |
Virtual LAN (VLAN) tag value for an 802.1Q tunnel or PVC. The vlan-id argument is one of the following constructs:
The range of values for any VLAN tag value is 1 to 4,095. |
vpi-vci vpi vci |
Virtual path identifier (VPI) and virtual circuit identifier (VCI) for an ATM PVC. The range of values is 0 to 255 and 1 to 65,535, respectively. By convention, VCI 1 to 31 are reserved for system use. |
The following example displays all configured ACLs in the local context:
[local]Redback#show access-group (Enabled Info: C-counters; L-logging; S-service; M-ACL in diff context) Circuit ACL Name Type Dir Info Rules 3/4 vlan-id 3 clips 4 ADF FI_00000009 Filter In CL 6 3/4 vlan-id 3 clips 4 qos1 QoS In C S 21 3/4 vlan-id 3 clips 4 DPF QI_0000000A QoS In C S 2
The following example displays detailed information about an ACL when per-rule accounting is enabled:
[local]Redback#show access-group forward 3/7 in detail Forwarding ACL : fwd1 ACL context : local Circuit : 3/7 Direction : In ACL status : No classes Count : Rules Log : N/A
The following example displays detailed information about an ACL when service accounting is enabled:
[local]Redback#show access-group forward 3/7 in detail Forwarding ACL : fwd1 ACL context : local Circuit : 3/7 Direction : In ACL status : No classes Count : Service Log : N/A
The following example displays information about the policy ACL and ACL conditions applied to the forward policy attached to incoming traffic on port 1 of the traffic card installed in slot 3:
[local]Redback>show access-group forward 3/1 in conditions
--- circuit 3/1, slot 3, access group redirect_acl, in, rules --- seq 10 permit tcp any any eq www class redir0 condition 101 [redir2] seq 20 permit tcp any any eq 81 class redir1 seq 30 permit tcp any any eq 82 class redir2
The following example displays RPF ACL hit counts for incoming traffic on the e1 interface:
[local]Redback>show access-group rpf interface e1 in counters
--- Circuit 3/1 slot 3 access group tc in counters --- Hit Count: 0 No Match (Default) Hit Count: 0 seq 10 deny ip host 1.1.1.1 host 2.2.2.1 Hit Count: 0 seq 20 permit ip host 1.1.1.2 host 2.2.2.2 Hit Count: 0 seq 30 deny ip host 1.1.1.3 host 2.2.2.3 Hit Count: 0 seq 40 permit ip host 1.1.1.4 host 2.2.2.4 Hit Count: 0 seq 50 deny ip host 1.1.1.5 host 2.2.2.5 Hit Count: 0 seq 60 permit ip host 1.1.1.6 host 2.2.2.6 Hit Count: 0 seq 70 deny ip host 1.1.1.7 host 2.2.2.7
The following example displays all dynamic policy ACL information for incoming traffic on clips circuit 1 with a forward policy attached to it:
[local]Redback#show access-group forward 2/1 clips 1 in all
Forwarding ACL : DPF PI_00000003 ACL context : local Circuit : 2/1 clips 1 Direction : In ACL status : Applied Count : No Log : N/A Number of rules: 5 Circuit 2/1 clips 1, slot 2, access group DPF PI_00000003, in, rules: seq 10 permit ip host 11.1.0.51 any tos max-throughput class c1 seq 20 permit ip host 11.1.0.51 any precedence immediate class c1 seq 30 permit ip host 11.1.0.51 any precedence immediate tos max-throughput class c1 seq 40 permit ip host 11.1.0.51 any tos 6 class c1 seq 50 permit ip host 11.1.0.51 any dscp eq af41 class c1
The following example displays output for IPv6 admin ACLs:
[local]Redback#show access-group ipv6 filter admin in (Enabled Info: C-counters; L-logging; S-service; M-ACL in diff context) Circuit ACL Name Prot Type Ifc Name Dir Info Rules list6 v6 Filter admin In C 6
The following example displays output with the all keyword:
[local]Redback#show access-group ipv6 filter admin in all IPv6 Fltr ACL : list6 ACL context : local Circuit : Interface : admin-access-group Direction : In ACL status : Applied Count : Rules Log : No Admin IPv6 access-list list6, in, 6 rules Hit Count: 0 No Match (Default) Hit Count: 0 seq 10 deny tcp 21::/64 eq 1024 Hit Count: 0 seq 12 deny tcp 22:1:1::2/128 any traffic-class eq df Hit Count: 0 seq 15 deny fragment any any Hit Count: 0 seq 20 deny udp any any range 80 81 Hit Count: 0 seq 30 deny esp any any Hit Count: 0 seq 900 permit ipv6 any any
show access-line [{neighbor ip-addr[:remote-port] | agent-circuit-id string}]
Displays digital subscriber line (DSL) information for one or more DSLs.
neighbor |
Optional. Displays DSL information for the DSLs attached to this Access Node Control Protocol (ANCP) neighbor peer. |
ip-addr |
IP address for the ANCP neighbor peer for one or more DSL lines. |
remote-port |
Optional. Transmission Control Protocol (TCP) port number for this ANCP neighbor peer. The range of values is 1 to 65,535. If not specified, displays DSL information for all neighbors with the specified IP address. |
agent-circuit-id |
Optional. Displays DSL information for the DSL with this circuit agent ID only. |
string |
Circuit agent ID. A text string, with up to 63 printable characters; enclose the string in quotation marks (“ ”) if the string includes spaces. |
When entered without any optional syntax, the show access-line command displays DSL information for all ANCP neighbor peers.
Use the show access-line command to display DSL information for one or more DSLs. This information includes the parameters learned from the DSL attribute extension Type, Length, Value (TLV) in the General Switch Management Protocol (GSMP) Port Up message for the DSL. The fields that this command displays for the ANCP neighbor peer (the DSL access multiplexer [DSLAM]) to which the DSL is attached include:
DSL fields are preceded by the source of the data:
Table 26 lists the types of DSL data and the values that this command can display; fields that are not transmitted to the SmartEdge router are not displayed.
Type of Data |
Values |
---|---|
DSL line state |
|
DSL type (transmission system) |
|
DSL data rates |
|
Data link protocol |
|
Data link encapsulation 1 |
|
Data link encapsulation 2 |
|
(1) If you have configured the access-line rate command (in subscriber
configuration mode) and the actual data rate has been applied to the
subscriber circuit, this command displays these fields with “(applied)”
after the rate.
The following example displays DSL information for ANCP neighbor peer abc-2.1:
[local]Redback>show access-line agent-circuit-id abc-2.1 "abc-2.1" Agent Remote ID "xyz-2.1" Neighbor ID 30.100.1.20:3871 DSLF Transmission System ADSL1 DSLF Line State SHOWTIME DSLF Actual Data Rate Upstream (kbps) 256 (applied) DSLF Actual Data Rate Downstream (kbps) 512 (applied) DSLF Minimum Data Rate Upstream (kbps) 32 DSLF Minimum Data Rate Downstream (kbps) 32 DSLF Attainable Data Rate Upstream (kbps) 1280 DSLF Attainable Data Rate Downstream (kbps) 10784 DSLF Maximum Data Rate Upstream (kbps) 256 DSLF Maximum Data Rate Downstream (kbps) 512 DSLF Minimum low power Data Rate Upstream (kbps) 32 DSLF Minimum low power Data Rate Downstream (kbps) 32 DSLF Maximum Interleaving Delay Upstream (mSec) 20 DSLF Actual Interleaving Delay Upstream (mSec) 16 DSLF Maximum Interleaving Delay Downstream (mSec) 20 DSLF Actual Interleaving Delay Downstream (mSec) 16 ANCP Access-Loop-Encapsulation Data Link = ATM AAL5 Encps 1 = NA Encps 2 = PPPoA LLC PPPoA/oE IWF session
show administrators [active [admin-name]] [sftp-session | ssh-telnet-session]
Displays all administrator sessions on a system.
active |
Optional. Restricts the display to active administrators in the current context. |
admin-name |
Optional. Name of a particular administrator. |
sftp-session |
Optional. For SFTP sessions, displays the IP address and session type. |
ssh-telnet-session |
Optional. For Telnet and SSH sessions, displays the IP address and session type. |
Displays all administrator sessions.
Use the show administrators command to display all administrator sessions on a system. Use the active keyword to limit the display to active sessions. With the active keyword, you can also use the admin-name argument to specify the sessions corresponding to a particular administrator.
In the display, the asterisk (*) character denotes the administrator session in which this command was entered.
The following example displays output from the show administrators command when used without optional constructs:
[local]Redback>show administrators
TTY START TIME REMOTE HOST ADMINISTRATOR ----------------------------------------------------------------------- ttyp0 Mon Jun 27 14:42:53 2005 nosuchhost.redback.com test@local * ttyp1 Mon Jun 27 09:12:31 2005 dhcp-xx.redback.com last@local ttyp2 Mon Jun 27 11:15:43 2005 dhcp-yy.redback.com test@local
The following example displays output from the show administrators command when a specific administrator name is specified:
[local]Redback>show administrators active test
TTY START TIME REMOTE HOST ADMINISTRATOR ----------------------------------------------------------------------- * ttyp0 Mon Jun 27 05:34:38 2005 155.53.6.209 test@local ttyp2 Mon Jun 27 11:15:43 2005 dhcp-yy.redback.com test@local
show alias [{inherit | mode}]
Displays a list of command aliases defined on the system.
inherit |
Optional. Displays the aliases in all modes. |
mode |
Optional. Command mode in which the alias applies. |
Displays all aliases defined on the system.
Use the show alias command to display a list of the command aliases defined on the system.
The following example displays output from the show alias command:
[local]Redback>show alias
Alias Mode Command spc all show port counters users exec show users show clock
show ancp
Displays Access Node Control Protocol (ANCP) global information.
This command has no keywords or arguments.
None
Use the show ancp command to display ANCP global information.
The following example displays global ANCP information:
[local]Redback>show ancp ANCP (GSMP) global info Flags: T - Topology discovery, L - Line Configuration, M - Multicast transaction, O - OAM ------------------------------------------------------------- versions : 3.1 capability : TO (master) system id : default (ca:ef:18:07:29:09) listening port : default (6068) keepalive (retry) : 10 secs retry 3 neighbor connection : 0 cfg neighbor profile : 1 cfg neighbor intf : 1
show ancp neighbor [{ip-address ip-addr[:remote-port] | profile prof-name}]
Displays Access Node Control Protocol (ANCP) session information for one or more ANCP neighbor peers or for an ANCP profile.
ip-address ip-addr |
Optional. Displays information for the ANCP neighbor peer with the specified IP address. |
remote-port |
Optional. TCP port number. The range of values is 1 to 65,535. |
profile prof-name |
Optional. Displays information for the ANCP neighbor peers that use this ANCP neighbor profile. |
When entered without any optional syntax, the show ancp neighbor command displays a summary of ANCP session information for all ANCP neighbor peers.
Use the show ancp neighbor command to display ANCP session information for one or more ANCP neighbor peers. ANCP session information includes Transmission Control Protocol (TCP) and General Switch Management Protocol (GSMP) information. Summary information includes a single line for each ANCP session and a line that displays the total number of ANCP sessions and the total number of ANCP neighbor peers.
The following example displays information for all ANCP neighbor peers:
[local]Redback>show ancp neighbor ANCP (GSMP) neighbor info Flags: T - Topology discovery, L - Line Configuration, M - Multicast transaction, O - OAM ------------------------------------------------------------- capability : T (client) master port : 6068 master sender name : 00:30:88:00:04:b7 ip address:port : 10.4.1.2:7001 peer id : 33:33:33:44:44:44 profile : default incoming interface : default (0x00000000) keepalive : 10 secs, retry 3 instance id : 00:00:2b/00:00:a2 access port/part id : 1/201 adjacency state : ESTABLISHED uptime : 7 secs
show ancp neighbor [ip-address ip-addr[:remote-port]] statistics
Displays Access Node Control Protocol (ANCP) neighbor statistics.
ip-address ip-addr |
Optional. Displays statistics for the ANCP neighbor peer with the specified IP address. |
remote-port |
Optional. TCP port number. The range of values is 1 to 65,535. |
When entered without any optional syntax, the show ancp neighbor statistics command displays statistics for all ANCP neighbor peers.
Use the show ancp neighbor statistics command to display ANCP neighbor statistics for one or more ANCP neighbor peers.
Use the ip-address ip-addr construct to display statistics for a single ANCP neighbor peer.
The following example displays ANCP neighbor statistics for a single ANCP neighbor peer:
[local]Redback>show ancp neighbor ip-address 10.4.1.2: 4001 statistics ANCP (GSMP) neighbor packet statistics ------------------------------------------------------------- ip address:port : 10.4.1.2:4001 packet sent-------------------------------------------------- syn 0 port up 0 syn ack 1 port down 0 ack 13 port new 0 rstack 0 port dead 0 adj update 0 port mgmt 0 packet receive----------------------------------------------- syn 1 port up 100 syn ack 0 port down 0 ack 1 port new 0 rstack 0 port dead 0 adj update 0 port mgmt 0 packet receive version error--------------------------------- syn 0 port up 0 syn ack 0 port down 0 ack 0 port new 0 rstack 0 port dead 0 adj update 0 port mgmt 0 packet receive partition id error---------------------------- syn 0 port up 0 syn ack 0 port down 0 ack 0 port new 0 rstack 0 port dead 0 adj update 0 port mgmt 0 packet receive master bit error------------------------------ syn 0 syn ack 0 ack 0 rstack 0 packet receive event not establish error--------------------- port up 0 port down 0 port new 0 port dead 0
show aps group [aps-group-name] [detail]
Displays Automatic Protection Switching (APS) information and statistics for one or more APS groups in the system.
all modes
group |
Displays group information. |
aps-group-name |
Optional. APS group for which information is to be displayed. |
detail |
Optional. Provides detailed APS information. |
Displays information for all APS groups.
Use the show aps command to display information and statistics for one or more APS groups in the system. Use the optional aps-group-name argument to limit the display to information for a specific APS group. Table 27 lists the fields displayed by this command and their possible values.
Field |
Description |
---|---|
Group |
aps-group-name—Configured name of the APS group. |
ID |
System-assigned group identifier. |
Card (Type) |
Packet over SONET/SDH (POS) traffic card type (oc3, oc12, or oc48, oc192). Asynchronous Transfer Mode (ATM) traffic card type. |
Arch |
Protection type (1+1). |
Direction |
Bidirectional. |
Switch Mode |
|
Table 28 lists the additional fields displayed by the detail keyword.
Field |
Description |
---|---|
Interface Bound |
if-name—Interface to which the working port is bound. Unbound—Working port is not yet bound to any interface. N/A—For ATM APS groups; port bindings are not supported for ATM ports. |
Extra Traffic |
No—Protection port cannot be used to carry extra traffic in 1+1 architecture. |
CHPR |
Current highest-priority request (CHPR):
|
Switch Trigger Reason |
Reason for the last switch. See Table 29. |
Switch Failed Reason |
Why the last switch failed:
|
Maintenance Mode |
IS—In Service. Protection group is currently active. OOS—Out of Service. Protection group is currently inactive. |
Wtr |
Configured value for the WTR interval (1 to 60 minutes). |
Wtr Status |
Active—Port is in the WTR state. Inactive—Port is not in the WTR state. |
Lockout Status Manual Switch Status Forced Switch Status Auto Switch Status |
Status of each type of switch:
|
Tx Traffic |
Active—This port is transmitting traffic. Standby—This port is not transmitting traffic. |
Rx Traffic |
Active—This port is receiving traffic. Standby—This port is not receiving traffic. |
Table 29 lists the reasons a switch can be triggered.
Reason |
Description |
---|---|
No Reason |
No known switch request posted. |
User Request |
Switch request initiated by an administrator (lockout, force, or manual). |
Signal Degraded |
Signal bit error rate (BER) exceeded configured threshold (SD-BER) for this port. |
EBER |
Excessive BER detected. |
Signal Failed |
The BER exceeded the configured threshold (SF-BER) for this port. The port is shutdown, or the port or traffic card has failed. |
AIS |
Alarm indication signal received. |
Equipment Forced Failed |
The port is in an OOS state. Shutdown command (in port configuration mode) entered by administrator. |
Equipment Missing |
Traffic card not installed. |
Equipment Mismatched |
Port types not identical. |
Equipment Failed |
Port or traffic card failed. |
The following example displays information for all APS groups:
[local]Redback#show aps group
Group ID Card Arch Direction Switch Mode --------------------------------------------------------------------------- lin6 26 oc3 1+1 Bidirectional Non-Revertive lab48 27 oc48 1+1 Bidirectional Non-Revertive lin1 28 oc12 1+1 Bidirectional Non-Revertive
The following example displays detailed information for the APS group lab48:
[local]Redback#show aps group lab48 detail
Protection Group: lab48, ID: 29 ---------------------------------------------------------------------- Interface Bound: NE-aps@NearEnd Card Type : oc48 Architecture : 1+1 Direction : Bidirectional Switch Mode : Non-Revertive Extra Traffic : No CHPR : No Reason Switch Trigger Reason : User Request Switch Failed Reason : No Reason Maintenance Mode : IS Working Port: 1/5 Information -------------------------------- Wtr : 5 Wtr Status : Inactive Lockout Status : Idle Manual Switch Status : Idle Forced Switch Status : Idle Auto Switch Status : Idle Tx Traffic : Active Rx Traffic : Active Protect Port: 1/7 Information --------------------------------- Wtr : 5 Wtr Status : Inactive Lockout Status : Idle Manual Switch Status : Idle Forced Switch Status : Idle Auto Switch Status : Idle Tx Traffic : Standby Rx Traffic : Standby
The following example shows how to create the APS group atm1 and display information for the group:
[local]Redback(config)#aps group atm1 atm [local]Redback(config-aps)#architecture 1+1 bidirectional [local]Redback(config-aps)#description ATM APS group 1 [local]Redback(config-aps)#revert 15 [local]Redback(config-aps)#end
The following example shows how to create cards and ports for the group atm1:
[local]Redback(config)#card atm-oc3-4-port 3 [local]Redback(config)#port atm 3/1 [local]Redback(config-atm-oc)#aps working atm1 [local]Redback(config)#port atm 3/2 [local]Redback(config-atm-oc)#aps protect atm1 [local]Redback(config-atm-oc)#commit
The following example displays the APS group atm1 and display protect group information:
[local]Redback#show aps group atm1 detail Protection Group: atm1, ID: 1, Type: atm Description : ATM APS group 1 --------------------------------------------------------------------------- Interface Bound: UnBound Card Type : oc3 Architecture : 1+1 Direction : Bidirectional Switch Mode : Revertive Extra Traffic : No CHPR : Auto Switch Switch Trigger Reason : Signal Failed Switch Failed Reason : No Reason Maintenance Mode : IS Working Port: 3/1 Information -------------------------------- Wtr : 15 Wtr Status : Inactive Lockout Status : Idle Manual Switch Status : Idle Forced Switch Status : Idle Auto Switch Status : Pending Tx Traffic : Active Rx Traffic : Active Protect Port: 3/2 Information --------------------------------- Wtr : 15 Wtr Status : Inactive Lockout Status : Idle Manual Switch Status : Idle Forced Switch Status : Idle Auto Switch Status : Completed Tx Traffic : Standby Rx Traffic : Standby
show arp-cache [ip-addr] [detail]
Displays Address Resolution Protocol (ARP) information for the controller card.
all modes
ip-addr |
Optional. IP address of a specific host. |
detail |
Optional. Displays detailed information for the specified IP address. |
None
Use the show arp-cache command to display ARP information for the controller card.
Use the ip-addr argument to display ARP information for the specified IP address.
The following example displays ARP information for the controller card:
[local]Redback>show arp-cache Total number of arp entries in cache: 4 Resolved entry : 4 Incomplete entry : 0 Host Hardware address Ttl Type Circuit 3.2.13.3 00:30:88:00:12:86 - ARPA 13/3 4.2.13.4 00:30:88:00:12:87 - ARPA 13/4 192.168.11.1 00:30:88:00:12:8e - ARPA 13/11 192.168.12.1 00:30:88:00:12:8f - ARPA 13/12
show arp-cache all
Displays Address Resolution Protocol (ARP) information for both the Berkeley Standard Distribution (BSD) and the controller card for the current context.
all modes
This command has no keywords or arguments.
None
Use the show arp-cache all command to display ARP information for both the BSD and the controller card for the current context.
The following example displays all ARP table information:
[local]Redback>show arp-cache all
Total number of arp entries in cache: 2 Resolved entry : 2 Incomplete entry : 0 Host Hardware address Ttl Type Circuit 40.1.1.1 00:30:88:00:77:00 - ARPA 12/5 40.1.1.2 00:30:88:00:76:02 3585 ARPA 12/5 Showing ARP entries on Cross-connect RP: Host Hardware address Ttl Type 10.13.49.100 00:d0:b7:5a:f3:5f 1181 ARPA 10.13.49.254 00:10:67:00:20:a4 1200 ARPA
show arp-cache all-context
Displays Address Resolution Protocol (ARP) information for both the Berkeley Standard Distribution (BSD) and the controller card for all contexts.
all modes
This command has no keywords or arguments.
None
Use the show arp-cache all-context command to display ARP information for both the BSD and the controller card for all contexts.
The following example displays all ARP information for all contexts:
[local]Redback>show arp-cache all-context
Context :local Context id : 0x40080001 Total number of arp entries in cache: 2 Resolved entry : 2 Incomplete entry : 0 Host Hardware address Ttl Type Circuit 40.1.1.1 00:30:88:00:77:00 - ARPA 12/5 40.1.1.2 00:30:88:00:76:02 3549 ARPA 12/5 Context :faq Context id : 0x40080081 ------------------------------------------------------------------- Total number of arp entries in cache: 0 Context :2 Context id : 0x40080082 ------------------------------------------------------------------- Total number of arp entries in cache: 2 Resolved entry : 2 Incomplete entry : 0 Host Hardware address Ttl Type Circuit 40.1.1.1 00:30:88:00:77:00 3549 ARPA 12/7 40.1.1.2 00:30:88:00:76:02 - ARPA 12/7
show arp-cache interworking slot/port [vlan-id vlan-id]
Displays Address Resolution Protocol (ARP) information for cross-connections between Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs) and 802.1Q PVCs.
all modes
slot |
Optional. Chassis slot number. If omitted, displays information about all circuits in the system. |
port |
Optional. Traffic card port number. If omitted, displays information about all circuits on all ports of the specified traffic card. |
vlan-id vlan-id |
Optional. Virtual LAN (VLAN) tag value for the 802.1Q PVC. The range of values is 1 to 4,095. If omitted, displays the ARP cache for the entire circuit. |
None
Use the show arp-cache interworking command to display ARP information for cross-connections between ATM PVCs and 802.1Q PVCs.
The following example displays display ARP information for cross-connections between ATM PVCs and 802.1Q PVCs:
[local]Redback>show arp interworking Routed Host VLAN Host VLAN Hardware address 10.0.0.1 10.0.0.1 00:10:67:00:4d:65 20.0.0.1 20.0.0.1 00:10:67:00:4d:66 [local]Redback>show arp interworking detail ------------------------------------------------------------- Displaying information for ARP Interworking circuit 12/1 vlan-id 32 Int representation : 12/1:1023:63/1/2/38 Circuit State : UP Local Hardware address : 00:30:88:00:76:fc Remote Hardware address : 00:10:67:00:4d:65 VLAN IP address : 10.0.0.1 Routed IP address : 10.0.0.2 ------------------------------------------------------------- Displaying information for ARP Interworking circuit 12/1 vlan-id 33 Int representation : 12/1:1023:63/1/2/39 Circuit State : UP Local Hardware address : 00:30:88:00:76:fc Remote Hardware address : 00:10:67:00:4d:66 VLAN IP address : 20.0.0.1 Routed IP address : 20.0.0.2
The following example displays ARP information for VLAN ID 32:
[local]Redback>show arp interworking 12/1 vlan-id 32 ------------------------------------------------------------- Displaying information for ARP Interworking circuit 12/1 vlan-id 32 Int representation : 12/1:1023:63/1/2/38 Circuit State : UP Local Hardware address : 00:30:88:00:76:fc Remote Hardware address : 00:10:67:00:4d:65 VLAN IP address : 10.0.0.1 Routed IP address : 10.0.0.2
show arp-cache statistics [xcrp | all]
Displays Address Resolution Protocol (ARP) statistics.
all modes
xcrp |
Optional. Displays statistics for the controller card only. |
all |
Optional. Displays statistics for both the Berkeley Standard Distribution (BSD) and the controller card. |
None
Use the show arp-cache statistics command to display ARP statistics.
The following example displays ARP statistics:
[local]Redback>show arp-cache statistics Display ARP traffic statistics: Rcvd: 3 requests, 0 replies, 0 other, 0 bad Sent: 3 requests, 0 replies InvArp: 0 request-rcvd, 0 reply-sent
show arp-cache summary
Displays summary information about the Address Resolution Protocol (ARP) table.
all modes
This command has no keywords or arguments.
None
Use the show arp-cache summary command to display summary information about the ARP table.
The following example displays summary information about the ARP table:
[local]Redback>show arp-cache summary Showing ARP entries on Cross-connect RP: Host Hardware address Ttl Type 10.13.49.100 00:d0:b7:5a:f3:5f 1198 ARPA 10.13.49.254 00:10:67:00:20:a4 1199 ARPA
show arp-cache xcrp [ip-addr]
Displays Address Resolution Protocol (ARP) information for the controller card.
all modes
ip-addr |
Optional. Specific host IP address to be displayed. |
None
Use the show arp-cache xcrp command to display ARP information for the controller card.
The following example displays ARP information for the controller card:
[local]Redback>show arp-cache xcrp
Showing ARP entries on Cross-connect RP: Host Hardware address Ttl Type 10.13.49.100 00:d0:b7:5a:f3:5f 1198 ARPA 10.13.49.254 00:10:67:00:20:a4 1199 ARPA
show as-path-list [apl-name | first-match as-path-string acl-name | summary]
Displays information about configured Border Gateway Protocol (BGP) autonomous system (AS) path lists.
all modes
apl-name |
Optional. AS path list name. Required when using the first-match keyword construct. |
first-match |
Optional. Searches for the first match specified by the as-path-string argument. Searches for the line in the AS path list specified by the acl-name argument. |
as-path-string |
Text to search for in the specified AS path. Required when using the first-match keyword. |
acl-name |
Name of access control list that is searched for in the AS path list. Required when using the first-match keyword. |
summary |
Optional. Displays AS path summary information. |
Displays information about BGP AS path lists.
Use the show as-path-list command to display information about configured BGP AS path lists.
The following example displays all AS path lists configured for the local context:
[local]Redback>show as-path-list
as-path-list AS2686: count: 1, sequences: 10 - 10, client count: 1 modified: 2 day(s), 20 hour(s) ago seq 10 permit _2686$ (hits: 6, cache hits: 3) as-path-list AS7777: count: 1, sequences: 10 - 10, client count: 1 modified: 2 day(s), 20 hour(s) ago seq 10 permit _7777$ (hits: 765529, cache hits: 765511) as-path-list deny_AS-5619$: count: 2, sequences: 10 - 20, client count: 1 modified: 2 day(s), 20 hour(s) ago seq 10 deny _5619$ (hits: 4, cache hits: 2) seq 20 permit .* (hits: 62867, cache hits: 34976) total as-path lists: 3
The following example displays summary information for AS path lists configured in the local context:
[local]Redback>show as-path-list summary
as-path-list AS2686: count: 1, sequences: 10 - 10, client count: 1 modified: 2 day(s), 20 hour(s) ago as-path-list AS7777: count: 1, sequences: 10 - 10, client count: 1 modified: 2 day(s), 20 hour(s) ago as-path-list deny_AS-5619$: count: 2, sequences: 10 - 20, client count: 1 modified: 2 day(s), 20 hour(s) ago total as-path lists: 3
show atm counters [all] [profile prof-name] [slot/port [vp vpi vpi summary | vpi vpi [vci vci [through end-vci]]]] [details [errors] | no-counter | port-stats | queues | summary [errors]]
Displays cell and segmentation and reassembly (SAR) packet-level counters for configured Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
all modes
all |
Optional. Displays traffic counters for all configured PVCs. This option is available only in the local context. |
profile prof-name |
Optional. Name of an ATM profile. |
slot |
Optional. Chassis slot number of an ATM traffic card with counters to be displayed. |
port |
Optional. Port number of an ATM port with counters to be displayed; see Table 30. |
vp |
Optional. Virtual path tunnel statistics counter containing traffic information for an ATM PVC channel direct from an SAR client. |
start-vpi |
Optional. Starting virtual path identifier (VPI). The range of values is 0 to 255. |
through end-vpi |
Optional. Last VPI in the range. |
start-vci |
Optional. Starting virtual circuit identifier (VCI). The range of values is 1 to 65535. By convention, values 1 to 30 are reserved for system use. |
end-vci |
Optional. Last VCI in the range. |
details |
Optional. Displays more details for each PVC. |
errors |
Optional. Displays counters only for PVCs that have nonzero error counters. |
no-counter |
Optional. Displays only PVCs that do not have counters enabled. |
port-stats |
Optional. Displays operations, administration, and management (OAM) circuit creation on demand (CCOD) counters. This option is available only if you enter the slot and port arguments. |
queues |
Optional. Displays virtual channel (VC) tunnel statistics for each class-of-service (CoS) queue. |
summary |
Optional. Displays only a summary of bound and unbound PVCs. |
Displays cell and SAR packet-level counters for all configured ATM PVCs that are bound in the current context.
Use the show atm counters command to display cell and SAR packet-level counters for configured ATM PVCs. PVC traffic statistics for each PVC are not kept by the system by default. Enter the counters command in ATM profile configuration mode to enable statistics collection.
Table 30 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach.
Traffic Card Type |
Physical Ports |
Low-Density Version |
Low-Density Ports |
---|---|---|---|
2-port ATM OC-3c/STM-1c |
2 |
No |
– |
1-port ATM OC-12c/STM-4c |
1 |
No |
– |
4-port ATM OC-3c/STM-1c |
4 |
Yes |
1, 3 |
8-port ATM OC-3c/STM-1c |
8 |
No |
– |
1-port Enhanced ATM OC-12c/STM-4c |
1 |
No |
– |
2-port ATM OC-12c/STM-4c |
2 |
No |
– |
12-port ATM DS-3(1) |
12 |
No |
– |
(1) Most SmartEdge 800s and all SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
In the local context, specify the all keyword to show all configured ATM PVCs, including both bound PVCs (any context) and unbound PVCs. In any other context, the display includes only PVCs that are bound within the current context.
If you specify a profile name, the output displays counters for PVCs configured with that profile only.
If you specify the slot and port arguments, the output displays PVCs configured on that slot and port only.
If you specify the vp vpi vpi construct, the output displays PVC statistics counts. If a PVC counter is reset, the vp vpi vpi construct returns the number of PVC counts since the last counter reset and all other PVCs in the same VP tunnel. If a PVC is deleted from a VP tunnel, the vp vpi vpi construct returns only the counts of existing PVCs on the VP tunnel.
If you specify the VPI number, the output displays PVCs configured with that VPI only. If you also specify a VCI, the output displays that PVC only. If you specify the through keyword, the output displays the counters for the specified range of VCIs.
If you specify the details keyword, the display includes detailed output for each specified PVC; otherwise, it displays two lines of output for each PVC.
If you specify the errors keyword, the output displays only the counters for the PVCs with errors.
If you specify the no-counters keyword, the output displays only the PVCs that do not have counters enabled.
If you specify the queues keyword, the output displays statistics for each PVC (VC tunnel) for each CoS queue. This keyword applies to ATM PVCs on ATM DS-3 ports only.
If you specify the port-stats keyword, the output displays only the ATM SAR port-level counters. This option is available only if slot and port arguments are configured.
If you specify the summary keyword, the output displays a summary only; it does not include counters for each PVC. Otherwise, the output displays cells sent and packets dropped as the aggregate of all the queues for a VC tunnel.
Use the optional keywords in different combinations to show specific PVCs. For example, use the profile and detail keywords to display detailed counter information for PVCs that you have configured with a specific profile in the current context. This command displays no output if no PVCs match the conditions that you specify with the keywords.
A channel number is not displayed for ATM DS-3 ports and is always 1 for ATM OC ports. If you specify the vp vpi keywords together, the output displays VP statistics counters. The VP statistics counter is the sum of PVC statistics counters in the same VP tunnel. If a PVC counter is reset, the vp vpi keywords return the PVC counters since the last counter reset and the counters for all other PVCs in the same VP tunnel. If a PVC is deleted from a VP tunnel, the vp vpi keywords return only the counters of remaining PVCs on the VP tunnel.
If a port on a first-generation ATM OC traffic card receives CRC32 errors, the affected counters are marked with an asterisk (*) and a note appended to the display.
The per-queue transmit byte (octet) counters currently include the padding bytes in the ATM adaptation layer type 5 (AAL5) common part convergence sublayer-protocol data unit (CPCS-PDU); therefore, the values reported by these counters are higher than the actual values.
By default, most show commands (in any mode) display information for the current context only or, depending on the command syntax, for all contexts. If you are an administrator for the local context, you can insert the optional context ctx-name construct, preceding the show command, to view output for the specified context without entering that context. For more information about using the context ctx-name construct, see the context command description; see the Command List.
The following example shows how to display counters for all ATM PVCs that have counters configured:
[local]Redback>show atm counters
current time: Fri Mar 19 18:26:27 2005 Pkts/Cells Pkts/Cells Xmt Pkts Rcv Pkts Port:Channel VPI VCI Received Sent Dropped Dropped 1/2 :1 10 123 0 0 0 0 0 0 1/2 :1 10 124 0 0 0 0 0 0 1/2 :1 10 125 0 0 0 0 0 0 1/2 :1 10 126 0 0 0 0 0 0 1/2 :1 10 127 0 0 0 0 0 0 1/2 :1 10 128 0 0 0 0 0 0 1/2 :1 10 129 0 0 0 0 0 0 1/2 :1 10 130 0 0 0 0 0 0 pvc with counters: 13 pvc without counters: 0 Cells Rcvd: 0 Cells Sent: 0 Packets Rcvd: 0 Packets Sent: 0 Rcv Packets Dropped: 0 Xmt Packets Dropped: 0 OAM Cells Rcvd: 0 OAM Cells Sent: 195 OAM AIS Rcvd: 0 OAM AIS Sent: 0 OAM RDI Rcvd: 0 OAM RDI Sent: 0 OAM Cells Dropped: 0
The following example shows how to display a summary of counters:
[local]Redback>show atm counters summary
current time: Fri Mar 19 18:26:27 2005 pvc with counters: 1 pvc without counters: 0 Cells Rcvd: 322605 Cells Sent: 322656 Packets Rcvd: 30973 Packets Sent: 30975 Rcv Packets Dropped: 0 Xmt Packets Dropped: 0 OAM Cells Rcvd: 0 OAM Cells Sent: 0 OAM AIS Rcvd: 0 OAM AIS Sent: 0 OAM RDI Rcvd: 0 OAM RDI Sent: 0 OAM Cells Dropped: 0
The following example shows how to display counters for a specific ATM PVC:
[local]Redback>show atm counters 2/2 vpi 10 vci 10
current time: Fri Mar 19 18:26:27 2005 Port:Chan: 2/2 :1 VPI: 10 VCI: 10 Profile: ubr Status: Up Bound to: atm2_1@local First Created: Wed Oct 15 20:24:51 2003 Modified Last: Wed Oct 15 20:24:51 2003 Last Cleared: never Cells Rcvd: 4258147 Cells Sent: 4258208 Packets Rcvd: 408785 Packets Sent: 408788 OAM Cells Rcvd: 0 OAM Cells Sent: 0 OAM AIS Rcvd: 0 OAM AIS Sent: 0 OAM RDI Rcvd: 0 OAM RDI Sent: 0 OAM Cells Dropped: 0 Rcvd Pkts Dropped: 0 Xmt Pkts Dropped: 0 WRED Hi Threshold Dropped: 0 WRED Probability Dropped: 0
The following example shows how to display the counters, including the queues for all VC tunnels (ATM PVC), on a specific port:
[local]Redback>show atm counters 2/2 queues
current time: Fri Mar 19 18:26:27 2005 Pkts Probability HiThreshold Resource Port:Channel VPI VCI Q Sent Drops (Pkts) Drops (Pkts) Drops (Pkts) 2/2 :1 10 10 1 367927 0 0 0 2/2 :1 10 10 2 7433593 0 0 0
The following example displays ATM PVC counters for this VP tunnel using the show atm counters slot/port vp vpi vpi command:
[local]Redback>show atm counters 3/1 vp vpi 101 current time: Thu Aug 20 04:16:53 2009 Pkts/Cells Pkts/Cells Xmt Pkts Rcv Pkts Port:Channel VPI Received Sent Dropped Dropped 3/1 101 20 20 0 0 40 40 pvc with counters: 0 pvc without counters: 0 Cells Rcvd: 40 Cells Sent: 40 Packets Rcvd: 20 Packets Sent: 20 OAM Cells Rcvd: 20 OAM Cells Sent: 20 AIS OAM Cells Rcvd: 0 AIS OAM Cells Sent: 0 RDI OAM Cells Rcvd: 0 RDI OAM Cells Sent: 0 OAM Cells Dropped: 0 Rcvd Pkts Dropped: 0 Xmt Pkts Dropped: 0
show atm profile [prof-name | detail]
Displays information about one or all Asynchronous Transfer Mode (ATM) profiles configured in the current context.
all modes
prof-name |
Optional. Name of an existing ATM profile. |
detail |
Optional. Displays detailed information for all ATM profiles configured in the current context. |
When used without any options, displays summary information in tabular form for all ATM profiles configured in the current context.
Use the show atm profile command to display information about one or all ATM profiles configured in the current context. Table 31 lists the fields that are displayed if the detail keyword or a profile name is not specified.
Field |
Description |
---|---|
Name |
Name specified by the atm profile command; an asterik (*) character indicates a static profile. |
Shaping Mode |
Traffic class specified by the shaping command. |
Counters |
Statistics collection as specified by the counters command. |
CLPBIT |
Status as specified by the clpbit command: On, Off, or QoS to atm. |
MCR |
Traffic class parameter as specified by the shaping command. |
PCR |
Traffic class parameter as specified by the shaping command. |
CDVT |
Traffic class parameter as specified by the shaping command. |
SCR |
Traffic class parameter as specified by the shaping command. |
BT |
Traffic class parameter as specified by the shaping command. |
Table 32 lists the fields that are displayed when the detail keyword or a profile name is specified; fields are not displayed for options that are not configured.
Field |
Description |
---|---|
Name |
Name specified by the atm profile command; static profiles are indicated with STATIC. |
Description |
Profile description specified by the description command. |
Class of Service |
Traffic class. including values for the traffic class arguments, specified by the shaping command.(1) |
Counters |
Statistics collection as specified by the counters command. |
CLPBIT |
Status as specified by the clpbit command: On, Off, or QoS to atm. |
Congestion Avoidance |
EPD or WRED as specified by the epd or red keyword for the congestion command, followed by:
|
OAM Parameters |
Status and, if enabled, values specified by the oam xc, oam fault-monitoring, or oam manage command:
|
(1) When displaying
a profile that specifies the CBR traffic class, the value configured
for the cdvt argument in the shaping command is shown in the CDV field.
The following example shows how to display detailed information about the ATM profile atm-pro:
[local]Redback>show atm profile atm-pro
Name : atm-pro Description : Class of Service : UBR Counters : None CLPBIT : Off Congestion Avoidance : WRED WRED Parameters: Min Threshold : 5 Max Threshold : 15 Probability : 129 Weight : 9 OAM Parameters: Cross-Connect OAM Cells : Disabled Fault Monitoring : Disabled OAM Managed : Disabled
The following example shows how to display detailed information about the ATM profile atm-epd:
[local]Redback>show atm profile atm-epd Name : atm-epd Description : Class of Service : UBR Counters : None CLPBIT : Off Congestion Avoidance : EPD EPD Parameters: Min Threshold : 8 ATM-OC3-2port & ATM-OC12-1port cards ONLY Max Threshold : 987 OAM Parameters: Cross-Connect OAM Cells : Disabled Fault Monitoring : Disabled OAM Managed : Disabled
show atm pvc [aps standby] [slot/port [[vpi] vpi [[vci] start-vci [through end-vci]]]] [all] [dynamic] [profile prof-name] [summary | up | down]
Displays static Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
all modes
aps standby |
Optional. Displays the PVCs stored in the APS standby ports. |
slot |
Optional. Chassis slot number of an ATM traffic card with PVCs to be displayed. The range of values depends on the chassis in which the card is installed; see Table 33. |
port |
Required if you enter the slot argument. Port number with PVCs to be displayed. The range of values depends on the type of traffic card; see Table 34. |
start-vpi |
Optional. Starting virtual path identifier (VPI). The range of values is 0 to 255. |
through end-vpi |
Optional. Last VPI in the range. |
start-vci |
Optional. Starting virtual circuit identifier (VCI). The range of values is 1 to 65535. By convention, values 1 to 30 are reserved for system use. |
end-vci |
Optional. Last VCI in the range. |
all |
Optional. Displays PVCs in all contexts. |
dynamic |
Optional. Displays only the subscriber-based PVCs that are authenticated by the Remote Authentication Dial-In User Service (RADIUS) and that have been dynamically modified by RADIUS during the active session to use a different profile. |
profile prof-name |
Optional. Name of an ATM profile. |
summary |
Optional. Displays only summary information. |
up |
Optional. Displays only operable PVCs. |
down |
Optional. Displays only inoperable PVCs. |
Displays all static ATM PVCs that are bound within the current context.
Use the show atm pvc command to display static ATM PVCs.
Table 33 lists the values for the slot argument for the SmartEdge 800 and SmartEdge 400 chassis; in the table, the IR abbreviation is used for Intermediate Reach.
Traffic Card Type |
slot Argument Range | |
---|---|---|
SmartEdge 400 Router |
SmartEdge 800 Router | |
2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c 4-port ATM OC-3c/STM-1c 8-port ATM OC-3c/STM-1c 1-port Enhanced ATM OC-12c/STM-4c 2-port ATM OC-12c/STM-4c |
1 to 4 |
1 to 6 and 9 to 14 |
12-port ATM DS-3(1) |
3 to 4 |
1 to 5 and 10 to 14 |
(1) The SmartEdge 800s and SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
Table 34 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach.
Traffic Card Type |
Physical Ports |
Low-Density Version |
Low-Density Ports |
---|---|---|---|
2-port ATM OC-3c/STM-1c |
2 |
No |
– |
1-port ATM OC-12c/STM-4c |
1 |
No |
– |
4-port ATM OC-3c/STM-1c |
4 |
Yes |
1, 3 |
8-port ATM OC-3c/STM-1c |
8 |
No |
– |
1-port Enhanced ATM OC-12c/STM-4c |
1 |
No |
– |
2-port ATM OC-12c/STM-4c |
2 |
No |
– |
12-port ATM DS-3(1) |
12 |
No |
– |
(1) Most SmartEdge 800s and all SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
Use the all keyword to display all existing ATM PVCs, including both bound PVCs (any context) and unbound PVCs. If not specified, the output includes only PVCs within the current context.
Use the aps standby keyword to display the PVCs stored in the APS standby ports.
Use the dynamic keyword to display only those subscriber-based ATM PVCs that have been authenticated by RADIUS and that have been dynamically modified by RADIUS during the active session to use a different profile. The dynamic keyword works with any of the other keywords and constructs.
If you specify a profile name by using the profile keyword, the output displays only PVCs configured with that profile.
If you specify the slot and port arguments, the output displays only PVCs created on that slot and port.
If you specify the vpi vpi construct, the output displays only PVCs created with that VPI. If you also specify the vci vci construct, the output displays only that PVC. If you use the through end-vci construct, the output includes the specified range of VCIs.
If you use the summary keyword, the output includes only a summary; it does not display individual PVC data.
Use the up keyword to display only operable PVCs; use the down keyword to display only inoperable PVCs.
Table 35 lists the fields that can be displayed by this command for a specific PVC; fields are not displayed if not appropriate.
Field |
Description |
---|---|
Port:Channel |
Slot and port specified by this command; the channel is always 1 for ATM OC ports and not displayed for ATM DS-3 ports. |
VPI: VCI: |
VPI and VCI specified by this command. |
Profile |
Profile name specified by the atm pvc command. |
Description |
Description specified by the description command. |
Status |
Up or Down. |
Counters |
Statistics collection as specified by the counters command for the profile. The counters column (Ctrs) can indicate:
|
Encapsulation |
Encapsulation as specified by the atm pvc command. |
Bound to |
Interface to which bound; no binding if no binding has been created. |
Binding Cfg |
Command used to create the binding; not displayed if no binding has been created. |
QoS - outbound ATMWFQ policy |
|
Circuit Range |
PVC created as part of a range (using the explicit keyword):
|
CCOD |
Type of ATM PVC; displayed only if the PVC is one of a range of PVCs:
|
Authorize Type |
|
First Created |
Date PVC was created. |
Status Change |
Date PVC status was last changed. |
OAM Cross-Connect |
Status of PVC and oam xc command:
|
OAM Managed |
Status of PVC and oam managed command:
|
OAM Fault Monitoring |
Source of fault management:
|
AIS or RDI |
AIS or RDI state if fault monitoring is enabled by one of the oam commands:
|
The following example shows how to display a specific PVC that is not cross-connected:
[local]Redback>show atm pvc 6/1 vpi 1 vci 101
Port:Channel 6/1 :1 VPI: 1 VCI: 101 Profile: oam Description: circuit to Tokyo Status: Up Counters: None Encapsulation: multi1483 Bound to: no binding Circuit Range: no First Created: Sun Jan 12 13:12:26 2003 Status Change: Sun Jan 12 13:12:26 2003 OAM Cross Connect: Disabled OAM Managed: Disabled OAM Fault Management: Disabled
The following example shows how to display all configured PVCs:
[local]Redback>show atm pvc all
Traffic Port:Channel VPI VCI Profile State Ctrs Encaps Binding 6/1 :1 1 32 1.ubr Down L2 route1483 --- 6/1 :1 1 39 1.vbrrt Down L2 multi1483 --- 6/1 :1 32 1 pf-atm1 Down L2 ipoe --- 6/1 :1 32 2 pf-atm1 Down L2 multi1483 --- 6/2 :1 1 32 1.ubr Down L2 route1483 --- 6/2 :1 1 33 1.vbrrt Down L2 bridge1483 --- 6/2 :1 1 34 1.ubr Down L2 ipoe --- 6/2 :1 1 40 1.ubr Down L2 route1483 --- pvcs up: 0 pvcs down: 8 total pvcs: 8
The following pair of examples displays two subscriber-based PVCs that have had their profiles changed dynamically by RADIUS. In the first example, the configured traffic profiles are shown; in the second example, the dynamically assigned traffic profiles are shown:
[local]Redback>show atm pvc
Traffic Port:Channel VPI VCI Profile State Ctrs Encaps Binding 3/1 :1 10 10 atm-gold Up None ppp --- 3/1 :1 10 11 atm-gold Up None ppp --- pvcs up: 2 pvcs down: 0 total pvcs: 2
[local]Redback>show atm pvc dynamic
Traffic Port:Channel VPI VCI Profile State Ctrs Encaps Binding 3/1 :1 10 10 atm-silv Up None ppp --- 3/1 :1 10 11 atm-silv Up None ppp --- pvcs up: 2 pvcs down: 0 total pvcs: 2
The following example shows how to display all PVCs on standby APS port 5/1:
[local]Redback>show atm pvc 5/1
Traffic Port:Channel VPI VCI Profile State Ctrs Encaps Binding 5/1 :1 0 32 ubr S/Down L2 ppp --- 5/1 :1 0 33 ubr S/Down L2 ppp --- pvcs up: 0 pvcs down: 2 total pvcs: 2
show atm pvc on-demand [aps standby] [slot/port [[vpi] vpi [[vci] start-vci [through end-vci]]]] [active | all | dormant | summary]
Displays on-demand Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
all modes
aps standby |
Optional. Displays the on-demand PVCs stored in the APS standby ports. |
slot |
Optional. Chassis slot number of an ATM traffic card with PVCs to be displayed. The range of values depends on the chassis in which the card is installed; see Table 36. |
port |
Required if you enter the slot argument. Port number with PVCs to be displayed. The range of values depends on the type of traffic card; see Table 37. |
start-vpi |
Optional. Starting virtual path identifier (VPI). The range of values is 0 to 255. |
through end-vpi |
Optional. Last VPI in the range. |
start-vci |
Optional. Starting virtual circuit identifier (VCI). The range of values is 1 to 65535. By convention, values 1 to 30 are reserved for system use. |
end-vci |
Optional. Last VCI in the range. |
active |
Optional. Displays only on-demand PVCs with active subscriber sessions. |
all |
Optional. Displays PVCs in all contexts. |
dormant |
Optional. Displays only on-demand PVCs that are in listening mode. |
summary |
Optional. Displays only summary information. |
Displays all on-demand ATM PVCs in the current context.
Use the show atm pvc on-demand command to display on-demand ATM PVCs.
Table 36 lists the values for the slot argument for each type of SmartEdge chassis; in the table, the IR abbreviation is used for Intermediate Reach.
slot Argument Range | ||
---|---|---|
Traffic Card Type |
SmartEdge 400 Router |
SmartEdge 800 Router |
2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c 4-port ATM OC-3c/STM-1c 8-port ATM OC-3c/STM-1c 1-port Enhanced ATM OC-12c/STM-4c 2-port ATM OC-12c/STM-4c |
1 to 4 |
1 to 6 and 9 to 14 |
12-port ATM DS-3(1) |
3 to 4 |
1 to 5 and 10 to 14 |
(1) The SmartEdge 800s and SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
Table 37 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach.
Traffic Card Type |
Physical Ports |
Low-Density Version |
Low-Density Ports |
---|---|---|---|
2-port ATM OC-3c/STM-1c IR |
2 |
No |
– |
1-port ATM OC-12c/STM-4c |
1 |
No |
– |
4-port ATM OC-3c/STM-1c |
4 |
Yes |
1, 3 |
8-port ATM OC-3c/STM-1c |
8 |
No |
– |
1-port Enhanced ATM OC-12c/STM-4c IR |
1 |
No |
– |
2-port ATM OC-12c/STM-4c |
2 |
No |
– |
12-port ATM DS-3(1) |
12 |
No |
– |
(1) The SmartEdge 800s and SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
Use the all keyword to display all on-demand ATM PVCs, including both bound PVCs (any context) and unbound PVCs. If not specified, the output includes only PVCs within the current context.
If you specify the slot and port arguments, the output displays only PVCs created on that slot and port. The PVCs may be listed by range order and may not necessarily be in ascending order.
Use the aps standby keyword to display the on-demand PVCs stored in the APS standby ports.
If you specify the vpi vpi construct, the output displays only PVCs created with that VPI. If you also specify the vci vci-start construct, the output displays only that PVC. If you use the through end-vci construct, the output includes the specified range of VCIs.
If you use the summary keyword, the output includes only the summary line that is displayed at the end of the output; it does not display individual PVC data.
Use the active keyword to display active PVCs; use the dormant keyword to display PVCs that are in listening mode.
Table 38 lists the fields that can be displayed by the show atm pvc on-demand command.
Field |
Description |
---|---|
Port:Channel |
Slot and port specified by this command; the channel is always 1 for ATM OC ports and not displayed for ATM DS-3 ports. |
VPI |
VPI in the specified range. |
VCI |
VCI in the specified range. |
VC HANDLE |
Internal circuit identifier. |
State |
Up or Down status. |
Encaps |
Configured encapsulation for this PVC. on-demand—PVC is dormant. |
Binding |
Interface to which bound. no binding—bind command has not been entered. |
Mode |
|
active |
Number of PVCs that are configured and subscribers are currently using. |
idle |
Number of PVCs that are configured but no subscriber is using. |
idle-down |
Number of PVCs that are configured and for which the idle-down watchdog timer has started. |
static |
Number of static PVCs that have been created in this range. |
wait |
Number of dormant PVCs that are in the process of being created or deleted in this range. |
dormant |
Number of dormant PVCs that have been created on the SARC and PPA in this range. |
total |
Number of PVCs in this range. |
The following example shows how to display data for all on-demand PVCs:
[local]Redback#show atm pvc on-demand active: 0 idle: 0 idle-down: 0 wait-cfg: 1 static: 0 wait: 0 dormant: 0 total: 1
The following example shows how to display the state of an on-demand PVC when the configuration is not yet completed (the circuit has not been bound):
[local]Redback#show atm pvc on-demand Port:Channel VPI VCI VC HANDLE State Encaps Binding Mode 1/1 :1 1 1 --- Down on-demand no binding dormant 4/1 :1 1 1 ??? Down on-demand no binding limbo 10/1 :1 1 1 --- Up on-demand no binding dormant 10/2 :1 1 1 ??? Down on-demand no binding wait cfg active: 0 idle: 0 idle-down: 0 wait-cfg: 1 static: 0 wait: 0 dormant: 2 limbo: 1 total: 4
The following example shows how to display the state of an on-demand PVC when the configuration is complete and the circuits are active:
[local]Redback#show atm pvc on-demand 3/1 Port:Channel VPI VCI VC HANDLE State Encaps Binding Mode 3/1 :1 10 32 1000 Up multi test_intf@local active 3/1 :1 10 32 1000 Up pppoe --- active
The following example shows how to display the on-demand PVCs configured on the APS standby ports:
[local]Redback>show atm pvc on-demand aps standby
Port:Channel VPI VCI VC HANDLE State Encaps Binding Mode 5/2 :1 20 32 ??? S/Down on-demand no binding wait cfg 5/2 :1 20 33 ??? S/Down on-demand no binding wait cfg 5/4 :1 20 32 ??? S/Down on-demand no binding wait cfg 5/4 :1 20 33 ??? S/Down on-demand no binding wait cfg active: 0 idle: 0 idle-down: 0 wait-cfg: 4 static: 0 wait: 0 dormant: 0 limbo: 0 total: 4
The following example shows how to display the VCI status for a specific VPI:
[local]Redback#show atm pvc on-demand 11/1 vpi 2
Port:Channel VPI VCI VC HANDLE State Encaps Binding Mode 11/1 :1 2 501 --- Up on-demand no binding dormant 11/1 :1 2 101 --- Up on-demand no binding dormant active: 0 idle: 0 idle-down: 0 static: 0 wait: 0 dormant: 2 total: 2
show atm pvc on-demand range [slot/port [start-vpi:start-vci through end-vpi:end-vci]]
Displays range statistics for on-demand Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).
all modes
slot |
Optional. If not specified, statistics for all ATM PVC circuits are displayed. If specified, this argument is the chassis slot number of an ATM traffic card with PVCs to be displayed. The range of values depends on the chassis in which the card is installed; see Table 39. |
port |
Required if you enter the slot argument. If not specified, statistics for all ATM PVC circuits are displayed. If specified, this argument is the port number with PVCs to be displayed. The range of values depends on the type of traffic card; see Table 40. |
start-vpi |
Optional. Starting virtual path identifier (VPI) for the range that is configured for the port. The range of values is 0 to 255. |
start-vci |
Optional. Starting virtual circuit identifier (VCI) for the range that is configured for the port. The range of values is 1 to 65535. By convention, values 1 to 30 are reserved for system use. |
through end-vpi |
Optional. Last VPI in the range that is configured for the port. |
end-vci |
Optional. Last VCI in the range that is configured for the port. |
None
Use the show atm pvc on-demand range command to display range statistics for the specified ATM PVC range. If you want to display the statistics for a given port, you must specify the entire range of on-demand PVCs that are configured for the port as the start-vpi:start-vci through end-vpi:end-vci construct. If you specify a subset of a configured range, no statistics are displayed. Use the show configuration command (in port configuration mode) to find out what the configured range of on-demand PVCs is for the port.
Table 39 lists the values for the slot argument for each type of SmartEdge router; in the table, the IR abbreviation is used for Intermediate Reach.
slot Argument Range | ||
---|---|---|
Traffic Card Type |
SmartEdge 400 Router |
SmartEdge 800 Router |
2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c 4-port ATM OC-3c/STM-1c 8-port ATM OC-3c/STM-1c 1-port Enhanced ATM OC-12c/STM-4c 2-port ATM OC-12c/STM-4c |
1 to 4 |
1 to 6 and 9 to 14 |
12-port ATM DS-3(1) |
3 to 4 |
1 to 5 and 10 to 14 |
(1) The SmartEdge 800s and SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
Table 40 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach.
Traffic Card Type |
Physical Ports |
Low-Density Version |
Low-Density Ports |
---|---|---|---|
2-port ATM OC-3c/STM-1c IR |
2 |
No |
– |
1-port ATM OC-12c/STM-4c |
1 |
No |
– |
4-port ATM OC-3c/STM-1c |
4 |
Yes |
1, 3 |
8-port ATM OC-3c/STM-1c |
8 |
No |
– |
1-port Enhanced ATM OC-12c/STM-4c IR |
1 |
No |
– |
2-port ATM OC-12c/STM-4c |
2 |
No |
– |
12-port ATM DS-3(1) |
12 |
No |
– |
(1) The SmartEdge 800s and SmartEdge
1200 chassis, which have no BNC connectors, do not support the ATM
DS-3 traffic card.
In the local context, use the all keyword to display range statistics for all existing ATM PVCs on the specified port. The all keyword is available only in the local context. In any other context, the output includes range statistics for only the PVCs that are bound within the current context.
Table 41 lists the fields that can be displayed by this command; fields are not displayed if not appropriate.
Field |
Description |
---|---|
Port:Channel |
Slot and port specified by this command; the channel is always 1 for ATM OC ports and not displayed for ATM DS-3 ports. |
VPI: VCI: |
Starting VPI and VCI in the range. |
through VPI: VCI |
Last VPI and VCI in the range. |
Attempts |
Number of attempts to create an on-demand circuit with the specified VPI and VCI. |
Success |
Number of successful attempts to create an on-demand circuit with the specified VPI and VCI. |
Failure |
Number of failed attempts to create an on-demand circuit with the specified VPI and VCI. |
Authorize Type |
Authorization for on-demand circuit:
|
Idle Down Configured |
For on-demand circuits:
|
Range Created on SARC/PPA |
For on-demand circuits:
|
Failure Statistics |
See Table 42. |
Table 42 lists the field definitions for the statistics displayed by this command.
Field |
Description |
---|---|
No shaping profile |
Shaping profile was not found in the AAA attribute list. |
Shaping profile not found |
Specified shaping profile was not configured in the SmartEdge router. |
No encap |
No encapsulation type was specified in the AAA attribute list. |
Non ATM encap |
Specified encapsulation type is not supported by ATM. |
Unsupported ATM encap |
Specified ATM encapsulation type is not supported for on-demand PVCs. |
No binding |
Binding was not found in the AAA attribute list. |
No binding applied on range |
The On-demand range does not have a binding configured. |
Bad bind type for encap |
Binding found in the AAA attribute list does not match the encapsulation type. |
No authen protocols |
Bind type was “authentication”, but no authentication protocols were specified. |
No sub name |
Bind type was “subscriber”, but no subscriber name was specified. |
No auto-sub name |
Bind type was “auto-subscriber”, but no auto-subscriber name was specified. |
PVC exists in RCM |
Attempted to create an on-demand PVC, but the Router Configuration Manager (RCM) indicates it already exists. |
Create PVC failure in RCM |
RCM could not create the PVC. |
Delete PVC failure in RCM |
RCM could not delete the PVC. |
CCOD range not found in RCM |
Attempted to create an on-demand PVC, but the on-demand range was not found in RCM. |
Internal Error |
An unexpected internal error has occurred. |
RCM endpoint down |
Failed to send create PVC because the RCM endpoint was down. |
AAA endpoint down |
Failed to send authorize message to AAA because the AAA endpoint was down. |
RCM restarted |
Failed to create the PVC because the RCM was restarted. |
AAA restarted |
Failed to authorize the PVC with Remote Authentication Dial-In User Service (RADIUS) because AAA was restarted. |
AAA method failure |
AAA returned a method failure. RADIUS server might not be configured. |
AAA authorization failure |
AAA failed to find the PVC configuration in RADIUS. |
SARC open error |
Failed to open the segmentation and reassembly controller (SARC) channel for dormant on-demand entry. |
SARC close error |
Failed to close the SARC channel for dormant on-demand entry. |
No Memory |
Failed to allocate memory for the AAA authorization or RCM circuit creation message. |
TLV failure |
TLV library has produced an unexpected error. |
System call error |
A system call has failed. |
The following example shows how to display the output when a range is specified:
[local]Redback#show atm pvc on-demand range 5/1 10:10 through 10:20 Port:Channel VPI:VCI through VPI:VCI Attempts Success Failure 5/1 :1 10:10 through 10:20 1 1 0 Authorize Type: local Idle Down Configured: yes, 30s Range Created on SARC/PPA: yes Failure Statistics: No shaping profile 0 Shaping profile not found 0 No encap 0 Non ATM encap 0 Unsupported ATM encap 0 No binding 0 No binding applied on range 0 Bad bind type for encap 0 No authen protocols 0 No sub name 0 No auto-sub name 0 No auto-sub context name 0 Failed auto-sub params 0 PVC exists in RCM 0 Create PVC failure in RCM 0 Delete PVC failure in RCM 0 CCOD range not found in RCM 0 Internal error 0 RCM endpoint down 0 AAA endpoint down 0 RCM restarted 0 AAA restarted 0 AAA method failure 0 AAA authorization failure 0 SARC open error 0 SARC close error 0 No memory 0 TLV failure 0 System call error 0
show atm summary [all]
Displays summary information about the Asynchronous Transfer Mode (ATM) ports and permanent virtual circuits (PVCs) that are used for operations, administration, and maintenance (OAM).
all modes
all |
Optional. Displays summary information for both bound and unbound PVCs that are used for OAM in any context. This keyword is available only in the local context. |
Displays summary information for ATM OAM PVCs that are bound in the current context only.
Use the show atm summary command to display information about ATM ports and PVCs that are used for OAM.
The all keyword is available only in the local context and displays summary information for both bound and unbound PVCs that are used for OAM in any context.
If the all keyword is not specified, only the ATM PVCs that are used for OAM and bound in that context are listed.
The following example shows how to display the type of information retrieved by the show atm summary command:
[local]Redback>show atm summary
NO ATM OAM Fault Monitoring Enabled on any PVCs NO ATM OAM Heartbeat (Continuity) Enabled on any PVCs NO ATM OAM Auto-loopback Enabled on any PVCs
show atm vp [profile prof-name] [slot/port [vpi vpi]] [summary]
Displays information about one or more shaped Asynchronous Transfer Mode (ATM) virtual paths (VPs).
all modes
profile prof-name |
Optional. Name of an ATM profile. |
slot |
Optional. Chassis slot number of an ATM traffic card with permanent virtual circuits (PVCs) to be displayed. The range of values depends on the chassis in which the card is installed; see Table 43. |
port |
Required if you enter the slot argument. Port number with PVCs to be displayed. The range of values depends on the type of traffic card; see Table 44. |
vpi vpi |
Optional. VP identifier (VPI). The range of values is 0 to 255. |
summary |
Optional. Displays summary information only. |
None
Use the show atm vp command to display information about one or more shaped ATM VPs.
Table 43 lists the values for the slot argument for each type of SmartEdge router; in the table, the IR abbreviation is used for Intermediate Reach.
slot Argument Range | ||
---|---|---|
Traffic Card Type |
SmartEdge 400 Router |
SmartEdge 800 Router |
2-port ATM OC-3c/STM-1c 1-port ATM OC-12c/STM-4c 4-port ATM OC-3c/STM-1c 8-port ATM OC-3c/STM-1c 1-port Enhanced ATM OC-12c/STM-4c 2-port ATM OC-12c/STM-4c |
1 to 4 |
1 to 6 and 9 to 14 |
ATM DS-3(1) |
3 to 4 |
1 to 5 and 10 to 14 |
(1) The SmartEdge 800s and SmartEdge 1200 chassis,
which have no BNC connectors, do not support the ATM DS-3 traffic
card.
Table 44 lists the range of values for the port argument; in the table, the IR abbreviation is used for Intermediate Reach.
Traffic Card Type |
Physical Ports |
Low-Density Version |
Low-Density Ports |
---|---|---|---|
2-port ATM OC-3c/STM-1c IR |
2 |
No |
– |
1-port ATM OC-12c/STM-4c |
1 |
No |
– |
4-port ATM OC-3c/STM-1c |
4 |
Yes |
1, 3 |
8-port ATM OC-3c/STM-1c |
8 |
No |
– |
1-port Enhanced ATM OC-12c/STM-4c IR |
1 |
No |
– |
2-port ATM OC-12c/STM-4c |
2 |
No |
– |
ATM DS-3(1) |
12 |
No |
– |
(1) The SmartEdge 800s and SmartEdge 1200 chassis,
which have no BNC connectors, do not support the ATM DS-3 traffic
card.
If no VPIs are specified, a table of VPs is displayed with a summary line at the end; specify the summary keyword to display only the summary line.
The following example shows how to display summary information only:
[local]Redback>show atm vp summary
Total Shaped VPs: 3 Total VCs in Shaped VPs: 32
The following example shows how to display summary information for all shaped ATM VPs on the system:
[local]Redback>show atm vp
Port:Channel VPI Total-VCI Profile 9/1 :1 1 0 atm-ubr 9/1 :1 5 21 atm-ubr 10/1 211 11 atm-ubr Total Shaped VPs: 3 Total VCs in Shaped VPs: 32